PT-2024-28552 · Fitnesse · Fitnesse

Takeshi Kaneko

Published

2024-11-15

Updated

2024-11-20

CVE-2024-39610

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FitNesse versions prior to 20241026

Description A cross-site scripting issue exists, allowing an arbitrary script to be executed on the user's web browser if exploited.

Recommendations For versions prior to 20241026, update to a version released after 20241026 to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or input fields to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-39610

GHSA-PG82-9W35-3W3R

Affected Products

Fitnesse

PT-2024-28552 · Fitnesse · Fitnesse

CVE-2024-39610

Weakness Enumeration

Related Identifiers

Affected Products

References · 12