fitnesse vulnerabilities and exploits
NA
CVE-2014-1216
FitNesse Wiki 20131110, 20140201, and previous versions allow remote malicious users to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
Fitnesse Fitnesse Wiki
Fitnesse Fitnesse Wiki 20131110
1 EDB exploit
8.8
CVSSv3
CVE-2020-2120
Jenkins FitNesse Plugin 1.30 and previous versions do not configure the XML parser to prevent XML external entity (XXE) attacks.
Jenkins Fitnesse
5.4
CVSSv3
CVE-2020-2175
Jenkins FitNesse Plugin 1.31 and previous versions do not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.
Jenkins Fitnesse
NA
CVE-2024-28125
All releases of FitNesse allow a remote authenticated malicious user to execute arbitrary OS commands.
NA
CVE-2024-28039
An improper restriction of XML external entity references vulnerability exists in all releases of FitNesse, which allows a remote unauthenticated malicious user to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.
NA
CVE-2024-23604
A cross-site scripting vulnerability exists in all releases of FitNesse, which may allow a remote unauthenticated malicious user to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.
NA
CVE-2024-28128
A cross-site scripting vulnerability exists in FitNesse releases before 20220319, which may allow a remote unauthenticated malicious user to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain par...