Lucene search
+L

107 matches found

OSV
OSV
added 2024/03/18 9:30 a.m.3 views

GHSA-MJQ8-GG9X-87GR FitNesse Cross-site Scripting vulnerability

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

6.1CVSS6.3AI score0.0057EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/03/18 9:30 a.m.8 views

com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +69 more potentially affected by CVE-2024-28125 via org.fitnesse:fitnesse (>=20050731 <=20240707)

org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =BETA-V1.00, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-28125 Source advisory: OSV:GHSA-X9R9-48RM-4XM6...

9.8CVSS7.6AI score0.00992EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/03/18 9:30 a.m.18 views

FitNesse allows execution of arbitrary OS commands

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands...

9.8CVSS7.3AI score0.00992EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/03/18 9:30 a.m.25 views

GHSA-X9R9-48RM-4XM6 FitNesse allows execution of arbitrary OS commands

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands...

9.8CVSS6.1AI score0.00992EPSS
Exploits0References5
OSV
OSV
added 2024/03/18 9:15 a.m.5 views

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...

5.8CVSS5.8AI score0.00726EPSS
Exploits0References4
NVD
NVD
added 2024/03/18 9:15 a.m.10 views

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...

5.8CVSS6.6AI score0.00726EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 8:15 a.m.5 views

CVE-2024-28125

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...

9.8CVSS6.1AI score0.00992EPSS
Exploits0References4
NVD
NVD
added 2024/03/18 8:15 a.m.16 views

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

6.1CVSS6.7AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 2024/03/18 8:15 a.m.21 views

CVE-2024-28125

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...

9.8CVSS7AI score0.00992EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 8:15 a.m.3 views

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

6.1CVSS6AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 2024/03/18 8:15 a.m.18 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

6.1CVSS6.7AI score0.0057EPSS
Exploits0References4
CVE
CVE
added 2024/03/18 8:13 a.m.58 views

CVE-2024-28039

CVE-2024-28039 affects FitNesse (all releases) with an improper restriction of XML external entity references (CWE-611). A remote, unauthenticated attacker can potentially obtain sensitive information, alter data, or cause a denial-of-service (DoS). Public documents consistently describe the impa...

5.8CVSS6.8AI score0.00726EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/18 8:13 a.m.23 views

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...

6.8AI score0.00726EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/03/18 8:13 a.m.10 views

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...

6.9AI score0.00726EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/03/18 7:31 a.m.10 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

7AI score0.0057EPSS
Exploits0References4
CVE
CVE
added 2024/03/18 7:31 a.m.54 views

CVE-2024-28128

CVE-2024-28128 affects FitNesse prior to the 20220319 release. The vulnerability is a cross-site scripting (XSS) flaw that may allow a remote, unauthenticated attacker to run arbitrary scripts in the web browser of a user loading a crafted link, as described in multiple sources. The issue is asso...

6.1CVSS6.9AI score0.0057EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/03/18 7:31 a.m.21 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

6.9AI score0.0057EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 7:31 a.m.4 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

6.1CVSS6.3AI score0.0057EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/03/18 7:26 a.m.14 views

CVE-2024-28125

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...

9.5AI score0.00992EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/18 7:26 a.m.29 views

CVE-2024-28125

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...

7.3AI score0.00992EPSS
Exploits0References4
Rows per page
Query Builder