Vendor: The Apache Software Foundation
Versions Affected: Apache Wicket 1.4.x
Apache Wicket 1.3.x and 1.5-RCx are not affected
Mitigation: Either disable multi window support with
Credit: This issue was discovered by Sven Krewitt of TÜV Rheinland i-sec GmbH.