CVE-2024-39610

MEDIUM6.1EPSS 0.29%

FitNesse Cross-site scripting

Published: 11/15/2024Modified: 11/20/2024

Description

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.

Affected packages (1)

Maven/org.fitnesse:fitnessefrom 0, < 20241026

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-39610
PATCHhttps://github.com/unclebob/fitnesse
WEBhttps://fitnesse.org/FitNesseDownload
WEBhttps://github.com/unclebob/fitnesse/releases/tag/20241026
WEBhttps://jvn.jp/en/jp/JVN36791327