Vulnerabilities > CVE-2024-28128 - Unspecified vulnerability in Cleancoder Fitnesse
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://fitnesse.org/FitNesseDownload
- http://fitnesse.org/FitNesseDownload
- https://github.com/unclebob/fitnesse
- https://github.com/unclebob/fitnesse
- https://github.com/unclebob/fitnesse/blob/master/SECURITY.md
- https://github.com/unclebob/fitnesse/blob/master/SECURITY.md
- https://jvn.jp/en/jp/JVN94521208/
- https://jvn.jp/en/jp/JVN94521208/