5 matches found
CVE-2024-23604
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...
CVE-2024-23604
FitNesse has multiple CVEs describing a cross-site scripting (CWE-79) vulnerability affecting FitNesse all releases. CVE-2024-23604 (and related CVEs 2024-28039, 2024-28128) allow a remote unauthenticated attacker to cause arbitrary script execution in a user’s browser via a link with crafted par...
CVE-2024-23604
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...
CVE-2024-23604
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...
Multiple vulnerabilities in FitNesse
Overview FitNesse contains multiple vulnerabilities listed below. Multiple cross-site scripting CWE-79 - CVE-2024-23604, CVE-2024-28128 Improper restriction of XML external entity references CWE-611 -CVE-2024-28039 OS command injection CWE-78 - CVE-2024-28125 CVE-2024-23604, CVE-2024-28039,...