org.fitnesse:fitnesse 20080702 vulnerabilities

Known vulnerabilities in the org.fitnesse:fitnesse package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper HTML escaping of user-supplied input. An attacker can execute arbitrary scripts in the context of the user's browser session by injecting malicious scripts into input fields that are improperly sanitized. How to fix Cross-site Scripting (XSS)? Upgrade `org.fitnesse:fitnesse` to version 20241026 or higher.	[,20241026)
M Directory Traversal org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths. An attacker can determine the presence of specific files and potentially access file contents under certain conditions. How to fix Directory Traversal? Upgrade `org.fitnesse:fitnesse` to version 20241026 or higher.	[,20241026)
M Cross-site Scripting (XSS) org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization passed into a certain parameter. An attacker can inject and execute arbitrary script code in the context of the user's browser session by crafting a link containing a malicious parameter and convincing the user to click on it. How to fix Cross-site Scripting (XSS)? Upgrade `org.fitnesse:fitnesse` to version 20220319 or higher.	[,20220319)
H Command Injection org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Command Injection. An authenticated attacker can execute arbitrary OS commands by sending crafted requests. Note: It is recommended to use FitNesse Safely as decribed in the Security Policy . How to fix Command Injection? There is no fixed version for `org.fitnesse:fitnesse`.	[0,)
M Improper Restriction of XML External Entity Reference org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Improper Restriction of XML External Entity Reference allowing an attacker to obtain sensitive information, alter data or cause a denial-of-service condition. How to fix Improper Restriction of XML External Entity Reference? There is no fixed version for `org.fitnesse:fitnesse`.	[0,)
M Cross-site Scripting (XSS) org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters. Note: It is recommended to use FitNesse Safely as decribed in the Security Policy . How to fix Cross-site Scripting (XSS)? Upgrade `org.fitnesse:fitnesse` to version 20220319 or higher.	[,20220319)
H Arbitrary Command Execution org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software. Affected versions of this package are vulnerable to Arbitrary Command Execution. FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a `COMMAND_PATTERN` and `TEST_RUNNER` in the pageContent parameter when editing a page. How to fix Arbitrary Command Execution? Upgrade `org.fitnesse:fitnesse` to version 20140201 or higher.	[0,20140201)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper HTML escaping of user-supplied input. An attacker can execute arbitrary scripts in the context of the user's browser session by injecting malicious scripts into input fields that are improperly sanitized.

How to fix Cross-site Scripting (XSS)?

Upgrade org.fitnesse:fitnesse to version 20241026 or higher.

[,20241026)

Directory Traversal

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths. An attacker can determine the presence of specific files and potentially access file contents under certain conditions.

How to fix Directory Traversal?

Upgrade org.fitnesse:fitnesse to version 20241026 or higher.

[,20241026)

Cross-site Scripting (XSS)

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization passed into a certain parameter. An attacker can inject and execute arbitrary script code in the context of the user's browser session by crafting a link containing a malicious parameter and convincing the user to click on it.

How to fix Cross-site Scripting (XSS)?

Upgrade org.fitnesse:fitnesse to version 20220319 or higher.

[,20220319)

Command Injection

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Command Injection. An authenticated attacker can execute arbitrary OS commands by sending crafted requests.

Note: It is recommended to use FitNesse Safely as decribed in the Security Policy .

How to fix Command Injection?

There is no fixed version for org.fitnesse:fitnesse.

[0,)

Improper Restriction of XML External Entity Reference

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Improper Restriction of XML External Entity Reference allowing an attacker to obtain sensitive information, alter data or cause a denial-of-service condition.

How to fix Improper Restriction of XML External Entity Reference?

There is no fixed version for org.fitnesse:fitnesse.

[0,)

Cross-site Scripting (XSS)

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.

Note: It is recommended to use FitNesse Safely as decribed in the Security Policy .

How to fix Cross-site Scripting (XSS)?

Upgrade org.fitnesse:fitnesse to version 20220319 or higher.

[,20220319)

Arbitrary Command Execution

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Arbitrary Command Execution. FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

How to fix Arbitrary Command Execution?

Upgrade org.fitnesse:fitnesse to version 20140201 or higher.

[0,20140201)

org.fitnesse:fitnesse@20080702 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?