EPSS
Percentile
29.5%
wicket-jquery-ui-plugins and wicket-kendo-ui are vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the WYSIWYG editor allows attackers to enter and execute arbitrary scripts.
seclists.org/oss-sec/2018/q1/185
github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor