CVE-2024-39610 MEDIUM

CVE-2024-39610

Vendor Unclebob

Product FitNesse

Weakness CWE-79 · XSS

Published November 15, 2024

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.

Key dates

02Disclosure timeline

November 15, 2024 CVE published

November 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-39610 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes CVE-2022-0595 Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS CVE-2021-24232 Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS) CVE-2024-32767 Photo Station CVE-2024-29775 WordPress Frontend Dashboard plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability