Lucene search
+L

5 matches found

vulnersosv
vulnersosv
added 2024/03/18 9:30 a.m.10 views

com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +68 more potentially affected by CVE-2024-28128 via org.fitnesse:fitnesse (>=20050731 <=20211030)

org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =BETA-V1.00, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-28128 Source advisory: OSV:GHSA-MJQ8-GG9X-87GR...

6.1CVSS7.6AI score0.0057EPSS
Exploits0
nvd
nvd
added 2024/03/18 8:15 a.m.18 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

6.1CVSS6.7AI score0.0057EPSS
Exploits0References4
cve
cve
added 2024/03/18 7:31 a.m.54 views

CVE-2024-28128

CVE-2024-28128 affects FitNesse prior to the 20220319 release. The vulnerability is a cross-site scripting (XSS) flaw that may allow a remote, unauthenticated attacker to run arbitrary scripts in the web browser of a user loading a crafted link, as described in multiple sources. The issue is asso...

6.1CVSS6.9AI score0.0057EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/03/18 7:31 a.m.4 views

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

6.1CVSS6.3AI score0.0057EPSS
Exploits0References6
jvn
jvn
added 2024/03/18 5:8 a.m.6 views

Multiple vulnerabilities in FitNesse

Overview FitNesse contains multiple vulnerabilities listed below. Multiple cross-site scripting CWE-79 - CVE-2024-23604, CVE-2024-28128 Improper restriction of XML external entity references CWE-611 -CVE-2024-28039 OS command injection CWE-78 - CVE-2024-28125 CVE-2024-23604, CVE-2024-28039,...

9.8CVSS6.9AI score0.00992EPSS
Exploits0References11
Rows per page
Query Builder