exploitDog

CVE-2024-39610

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 6.1

CVSS3: 6.1

EPSS Низкий

Описание

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.

Ссылки

https://fitnesse.org/FitNesseDownload
Release Notes
https://github.com/unclebob/fitnesse/releases/tag/20241026
Release Notes
https://jvn.jp/en/jp/JVN36791327/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cleancoder:fitnesse:*:*:*:*:*:*:*:*

Версия до 20241026 (исключая)

EPSS

Процентиль: 37%

0.00162

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-pg82-9w35-3w3r

CVSS3: 6.1

github

около 1 года назад

FitNesse Cross-site scripting

EPSS

Процентиль: 37%

0.00162

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79