CVE-2024-39610
FitNesse Cross-site scripting
CVSS 3.1: 6.1 (MEDIUM)
EPSS 0.29%
Description
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
How to fix CVE-2024-39610
To remediate CVE-2024-39610, upgrade the affected package to the fixed version listed below.
- Maven/org.fitnesse:fitnesse: upgrade to 20241026 or later
Is CVE-2024-39610 being exploited?
Low: EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.fitnesse:fitnesse: from 0, < 20241026
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |