Vulnerabilites related to cleancoder - fitnesse
Vulnerability from fkie_nvd
Published
2024-11-15 06:15
Modified
2024-11-20 15:02
Severity ?
Summary
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://fitnesse.org/FitNesseDownload | Release Notes | |
| vultures@jpcert.or.jp | https://github.com/unclebob/fitnesse/releases/tag/20241026 | Release Notes | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN36791327/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cleancoder | fitnesse | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cleancoder:fitnesse:*:*:*:*:*:*:*:*", matchCriteriaId: "206E6E9F-7F17-4B8E-BC3C-06B4E0854501", versionEndExcluding: "20241026", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.", }, { lang: "es", value: "Existe una vulnerabilidad de Cross Site Scripting en las versiones de FitNesse anteriores a la 20241026. Si se explota esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que esté usando el producto.", }, ], id: "CVE-2024-39610", lastModified: "2024-11-20T15:02:14.297", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "vultures@jpcert.or.jp", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-15T06:15:04.667", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Release Notes", ], url: "https://fitnesse.org/FitNesseDownload", }, { source: "vultures@jpcert.or.jp", tags: [ "Release Notes", ], url: "https://github.com/unclebob/fitnesse/releases/tag/20241026", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN36791327/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "vultures@jpcert.or.jp", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-18 08:15
Modified
2025-03-27 20:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cleancoder | fitnesse | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cleancoder:fitnesse:-:*:*:*:*:*:*:*", matchCriteriaId: "71A59A29-FEB6-49B6-9B52-7E9CD485C8CC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.", }, { lang: "es", value: "Existe una vulnerabilidad de cross-site scripting en todas las versiones de FitNesse, lo que puede permitir que un atacante remoto no autenticado ejecute un script arbitrario en el navegador web del usuario que utiliza el producto y accede a un enlace con múltiples parámetros especialmente manipulados.", }, ], id: "CVE-2024-23604", lastModified: "2025-03-27T20:15:23.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-18T08:15:06.233", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Product", "Release Notes", ], url: "http://fitnesse.org/FitNesseDownload", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN94521208/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Release Notes", ], url: "http://fitnesse.org/FitNesseDownload", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN94521208/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-18 08:15
Modified
2025-03-20 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cleancoder | fitnesse | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cleancoder:fitnesse:*:*:*:*:*:*:*:*", matchCriteriaId: "EF13B921-D37A-4163-B676-B56F7AA5587C", versionEndExcluding: "20220319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.", }, { lang: "es", value: "Existe una vulnerabilidad de cross-site scripting en las versiones de FitNesse anteriores a 20220319, lo que puede permitir que un atacante remoto no autenticado ejecute un script arbitrario en el navegador web del usuario que utiliza el producto y accede a un enlace con un determinado parámetro especialmente manipulado.", }, ], id: "CVE-2024-28128", lastModified: "2025-03-20T19:15:28.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-18T08:15:06.400", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Product", "Release Notes", ], url: "http://fitnesse.org/FitNesseDownload", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN94521208/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Release Notes", ], url: "http://fitnesse.org/FitNesseDownload", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN94521208/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2024-28128
Vulnerability from cvelistv5
Published
2024-03-18 07:31
Modified
2025-03-20 19:10
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-28128", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-20T15:28:48.322618Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T19:10:27.895Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:48:48.936Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/unclebob/fitnesse", }, { tags: [ "x_transferred", ], url: "http://fitnesse.org/FitNesseDownload", }, { tags: [ "x_transferred", ], url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { tags: [ "x_transferred", ], url: "https://jvn.jp/en/jp/JVN94521208/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FitNesse", vendor: "unclebob", versions: [ { status: "affected", version: "releases prior to 20220319", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting (XSS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-18T07:31:34.749Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://github.com/unclebob/fitnesse", }, { url: "http://fitnesse.org/FitNesseDownload", }, { url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { url: "https://jvn.jp/en/jp/JVN94521208/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2024-28128", datePublished: "2024-03-18T07:31:34.749Z", dateReserved: "2024-03-06T08:57:24.421Z", dateUpdated: "2025-03-20T19:10:27.895Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23604
Vulnerability from cvelistv5
Published
2024-03-18 07:26
Modified
2025-03-27 19:42
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23604", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-18T18:46:13.266065Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T19:42:26.596Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:06:25.309Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/unclebob/fitnesse", }, { tags: [ "x_transferred", ], url: "http://fitnesse.org/FitNesseDownload", }, { tags: [ "x_transferred", ], url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { tags: [ "x_transferred", ], url: "https://jvn.jp/en/jp/JVN94521208/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FitNesse", vendor: "unclebob", versions: [ { status: "affected", version: "all releases", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting (XSS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-18T07:26:06.510Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://github.com/unclebob/fitnesse", }, { url: "http://fitnesse.org/FitNesseDownload", }, { url: "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md", }, { url: "https://jvn.jp/en/jp/JVN94521208/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2024-23604", datePublished: "2024-03-18T07:26:06.510Z", dateReserved: "2024-03-06T08:57:21.955Z", dateUpdated: "2025-03-27T19:42:26.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39610
Vulnerability from cvelistv5
Published
2024-11-15 05:26
Modified
2024-11-15 17:54
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39610", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T17:54:20.507189Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T17:54:38.148Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "FitNesse", vendor: "unclebob", versions: [ { status: "affected", version: "releases prior to 20241026", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Cross-site scripting (XSS)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T05:26:37.148Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://github.com/unclebob/fitnesse/releases/tag/20241026", }, { url: "https://fitnesse.org/FitNesseDownload", }, { url: "https://jvn.jp/en/jp/JVN36791327/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2024-39610", datePublished: "2024-11-15T05:26:37.148Z", dateReserved: "2024-11-08T02:48:13.812Z", dateUpdated: "2024-11-15T17:54:38.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }