3 matches found
CVE-2024-23604
FitNesse has multiple CVEs describing a cross-site scripting (CWE-79) vulnerability affecting FitNesse all releases. CVE-2024-23604 (and related CVEs 2024-28039, 2024-28128) allow a remote unauthenticated attacker to cause arbitrary script execution in a user’s browser via a link with crafted par...
CVE-2024-39610
CVE-2024-39610 is a cross-site scripting vulnerability in FitNesse releases prior to 20241026. The issue could allow an arbitrary script to run in the web browser of users consuming the affected software. The Connected documents confirm the vulnerability in FitNesse and note the fixed version as ...
CVE-2024-28128
CVE-2024-28128 affects FitNesse prior to the 20220319 release. The vulnerability is a cross-site scripting (XSS) flaw that may allow a remote, unauthenticated attacker to run arbitrary scripts in the web browser of a user loading a crafted link, as described in multiple sources. The issue is asso...