Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1wZzgyLTl3MzUtM3czcs4ABBYR

FitNesse Cross-site scripting

A cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is using the product.

Permalink: https://github.com/advisories/GHSA-pg82-9w35-3w3r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZzgyLTl3MzUtM3czcs4ABBYR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 days ago
Updated: about 12 hours ago


CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-pg82-9w35-3w3r, CVE-2024-39610
References: Repository: https://github.com/unclebob/fitnesse
Blast Radius: 16.7

Affected Packages

maven:org.fitnesse:fitnesse
Dependent packages: 82
Dependent repositories: 552
Downloads:
Affected Version Ranges: < 20241026
Fixed in: 20241026
All affected versions:
All unaffected versions: