Vulnerability Details CVE-2024-28128
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 6.1
References
- http://fitnesse.org/FitNesseDownload
- https://github.com/unclebob/fitnesse
- https://github.com/unclebob/fitnesse/blob/master/SECURITY.md
- https://jvn.jp/en/jp/JVN94521208/
- http://fitnesse.org/FitNesseDownload
- https://github.com/unclebob/fitnesse
- https://github.com/unclebob/fitnesse/blob/master/SECURITY.md
- https://jvn.jp/en/jp/JVN94521208/
Products affected by CVE-2024-28128
-
cpe:2.3:a:cleancoder:fitnesse:-
-
cpe:2.3:a:cleancoder:fitnesse:20090112
-
cpe:2.3:a:cleancoder:fitnesse:20090214
-
cpe:2.3:a:cleancoder:fitnesse:20090321
-
cpe:2.3:a:cleancoder:fitnesse:20090513
-
cpe:2.3:a:cleancoder:fitnesse:20090818
-
cpe:2.3:a:cleancoder:fitnesse:20091121
-
cpe:2.3:a:cleancoder:fitnesse:20100103
-
cpe:2.3:a:cleancoder:fitnesse:20100303
-
cpe:2.3:a:cleancoder:fitnesse:20101101
-
cpe:2.3:a:cleancoder:fitnesse:20110104
-
cpe:2.3:a:cleancoder:fitnesse:20111025
-
cpe:2.3:a:cleancoder:fitnesse:20121009
-
cpe:2.3:a:cleancoder:fitnesse:20121220
-
cpe:2.3:a:cleancoder:fitnesse:20130530
-
cpe:2.3:a:cleancoder:fitnesse:20130911
-
cpe:2.3:a:cleancoder:fitnesse:20131001
-
cpe:2.3:a:cleancoder:fitnesse:20131003
-
cpe:2.3:a:cleancoder:fitnesse:20131015
-
cpe:2.3:a:cleancoder:fitnesse:20131016
-
cpe:2.3:a:cleancoder:fitnesse:20131110
-
cpe:2.3:a:cleancoder:fitnesse:20131119
-
cpe:2.3:a:cleancoder:fitnesse:20140130
-
cpe:2.3:a:cleancoder:fitnesse:20140201
-
cpe:2.3:a:cleancoder:fitnesse:20140203
-
cpe:2.3:a:cleancoder:fitnesse:20140418
-
cpe:2.3:a:cleancoder:fitnesse:20140623
-
cpe:2.3:a:cleancoder:fitnesse:20140630
-
cpe:2.3:a:cleancoder:fitnesse:20140705
-
cpe:2.3:a:cleancoder:fitnesse:20140717
-
cpe:2.3:a:cleancoder:fitnesse:20140901
-
cpe:2.3:a:cleancoder:fitnesse:20150106
-
cpe:2.3:a:cleancoder:fitnesse:20150114
-
cpe:2.3:a:cleancoder:fitnesse:20150119
-
cpe:2.3:a:cleancoder:fitnesse:20150202
-
cpe:2.3:a:cleancoder:fitnesse:20150217
-
cpe:2.3:a:cleancoder:fitnesse:20150218
-
cpe:2.3:a:cleancoder:fitnesse:20150223
-
cpe:2.3:a:cleancoder:fitnesse:20150226
-
cpe:2.3:a:cleancoder:fitnesse:20150424
-
cpe:2.3:a:cleancoder:fitnesse:20150814
-
cpe:2.3:a:cleancoder:fitnesse:20151230
-
cpe:2.3:a:cleancoder:fitnesse:20160515
-
cpe:2.3:a:cleancoder:fitnesse:20160527
-
cpe:2.3:a:cleancoder:fitnesse:20160601
-
cpe:2.3:a:cleancoder:fitnesse:20160618
-
cpe:2.3:a:cleancoder:fitnesse:20161105
-
cpe:2.3:a:cleancoder:fitnesse:20161106
-
cpe:2.3:a:cleancoder:fitnesse:20171015
-
cpe:2.3:a:cleancoder:fitnesse:20171210
-
cpe:2.3:a:cleancoder:fitnesse:20171212
-
cpe:2.3:a:cleancoder:fitnesse:20180127
-
cpe:2.3:a:cleancoder:fitnesse:20181221
-
cpe:2.3:a:cleancoder:fitnesse:20181222
-
cpe:2.3:a:cleancoder:fitnesse:20181223
-
cpe:2.3:a:cleancoder:fitnesse:20181224
-
cpe:2.3:a:cleancoder:fitnesse:20190110
-
cpe:2.3:a:cleancoder:fitnesse:20190118
-
cpe:2.3:a:cleancoder:fitnesse:20190119
-
cpe:2.3:a:cleancoder:fitnesse:20190127
-
cpe:2.3:a:cleancoder:fitnesse:20190202
-
cpe:2.3:a:cleancoder:fitnesse:20190216
-
cpe:2.3:a:cleancoder:fitnesse:20190224
-
cpe:2.3:a:cleancoder:fitnesse:20190406
-
cpe:2.3:a:cleancoder:fitnesse:20190409
-
cpe:2.3:a:cleancoder:fitnesse:20190416
-
cpe:2.3:a:cleancoder:fitnesse:20190417
-
cpe:2.3:a:cleancoder:fitnesse:20190418
-
cpe:2.3:a:cleancoder:fitnesse:20190421
-
cpe:2.3:a:cleancoder:fitnesse:20190428
-
cpe:2.3:a:cleancoder:fitnesse:20190508
-
cpe:2.3:a:cleancoder:fitnesse:20190620
-
cpe:2.3:a:cleancoder:fitnesse:20190628
-
cpe:2.3:a:cleancoder:fitnesse:20190716
-
cpe:2.3:a:cleancoder:fitnesse:20191110
-
cpe:2.3:a:cleancoder:fitnesse:20191217
-
cpe:2.3:a:cleancoder:fitnesse:20191229
-
cpe:2.3:a:cleancoder:fitnesse:20200108
-
cpe:2.3:a:cleancoder:fitnesse:20200128
-
cpe:2.3:a:cleancoder:fitnesse:20200205
-
cpe:2.3:a:cleancoder:fitnesse:20200304
-
cpe:2.3:a:cleancoder:fitnesse:20200307
-
cpe:2.3:a:cleancoder:fitnesse:20200308
-
cpe:2.3:a:cleancoder:fitnesse:20200404
-
cpe:2.3:a:cleancoder:fitnesse:20200501
-
cpe:2.3:a:cleancoder:fitnesse:20201213
-
cpe:2.3:a:cleancoder:fitnesse:20210410
-
cpe:2.3:a:cleancoder:fitnesse:20210516
-
cpe:2.3:a:cleancoder:fitnesse:20210605
-
cpe:2.3:a:cleancoder:fitnesse:20210606
-
cpe:2.3:a:cleancoder:fitnesse:20211006
-
cpe:2.3:a:cleancoder:fitnesse:20211030