107 matches found
GHSA-MJQ8-GG9X-87GR FitNesse Cross-site Scripting vulnerability
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...
com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +69 more potentially affected by CVE-2024-28125 via org.fitnesse:fitnesse (>=20050731 <=20240707)
org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =BETA-V1.00, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-28125 Source advisory: OSV:GHSA-X9R9-48RM-4XM6...
FitNesse allows execution of arbitrary OS commands
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands...
GHSA-X9R9-48RM-4XM6 FitNesse allows execution of arbitrary OS commands
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands...
CVE-2024-28039
Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...
CVE-2024-28039
Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...
CVE-2024-28125
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...
CVE-2024-23604
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...
CVE-2024-28125
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...
CVE-2024-23604
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...
CVE-2024-28128
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...
CVE-2024-28039
CVE-2024-28039 affects FitNesse (all releases) with an improper restriction of XML external entity references (CWE-611). A remote, unauthenticated attacker can potentially obtain sensitive information, alter data, or cause a denial-of-service (DoS). Public documents consistently describe the impa...
CVE-2024-28039
Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...
CVE-2024-28039
Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...
CVE-2024-28128
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...
CVE-2024-28128
CVE-2024-28128 affects FitNesse prior to the 20220319 release. The vulnerability is a cross-site scripting (XSS) flaw that may allow a remote, unauthenticated attacker to run arbitrary scripts in the web browser of a user loading a crafted link, as described in multiple sources. The issue is asso...
CVE-2024-28128
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...
CVE-2024-28128
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...
CVE-2024-28125
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...
CVE-2024-28125
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...