101 matches found
Command Injection
org.fitnesse:fitnesse is vulnerable to Command Injection. The vulnerability is due to improper validation of user-supplied input, which allows a remote authenticated attacker to inject and execute arbitrary operating system commands...
EUVD-2024-25275
Malicious code in bioql PyPI...
EUVD-2024-3373
Malicious code in bioql PyPI...
EUVD-2024-1037
Malicious code in bioql PyPI...
EUVD-2024-3297
Malicious code in bioql PyPI...
EUVD-2022-4606
Malicious code in bioql PyPI...
CVE-2024-23604
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...
CVE-2024-28128
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...
CVE-2024-28125
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation...
CVE-2024-42499
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif...
CVE-2024-39610
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product...
CVE-2020-2120
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks...
com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +69 more potentially affected by CVE-2024-42499 via org.fitnesse:fitnesse (>=20050731 <=20240707)
org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =2.0.2-BETA-1, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-42499 Source advisory: OSV:GHSA-Q297-5FF8-HC92...
GHSA-PG82-9W35-3W3R FitNesse Cross-site scripting
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product...
com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +69 more potentially affected by CVE-2024-39610 via org.fitnesse:fitnesse (>=20050731 <=20240707)
org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =2.0.2-BETA-1, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-39610 Source advisory: OSV:GHSA-PG82-9W35-3W3R...
FitNesse Path Traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif...
GHSA-Q297-5FF8-HC92 FitNesse Path Traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif...
FitNesse Cross-site scripting
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product...
CVE-2024-39610
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product...
CVE-2024-42499
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif...