org.fitnesse:fitnesse@20240707 vulnerabilities

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper HTML escaping of user-supplied input. An attacker can execute arbitrary scripts in the context of the user's browser session by injecting malicious scripts into input fields that are improperly sanitized.

Upgrade org.fitnesse:fitnesse to version 20241026 or higher.

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths. An attacker can determine the presence of specific files and potentially access file contents under certain conditions.

Upgrade org.fitnesse:fitnesse to version 20241026 or higher.

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Command Injection. An authenticated attacker can execute arbitrary OS commands by sending crafted requests.

Note: It is recommended to use FitNesse Safely as decribed in the Security Policy .

There is no fixed version for org.fitnesse:fitnesse.

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Improper Restriction of XML External Entity Reference allowing an attacker to obtain sensitive information, alter data or cause a denial-of-service condition.

There is no fixed version for org.fitnesse:fitnesse.