Vulnerabilities > CVE-2024-23604 - Unspecified vulnerability in Cleancoder Fitnesse

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

cleancoder

NVD

Published: 2024-03-18

Updated: 2024-11-21

Summary

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.

Vulnerable Configurations

Part	Description	Count
Application	Cleancoder Cleancoder Fitnesse -	1

References

http://fitnesse.org/FitNesseDownload
http://fitnesse.org/FitNesseDownload
https://github.com/unclebob/fitnesse
https://github.com/unclebob/fitnesse
https://github.com/unclebob/fitnesse/blob/master/SECURITY.md
https://github.com/unclebob/fitnesse/blob/master/SECURITY.md
https://jvn.jp/en/jp/JVN94521208/
https://jvn.jp/en/jp/JVN94521208/