{"id":"CVE-2024-28128","details":"A cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script in the web browser of a user who is using the product and accesses a link containing a specially crafted parameter.","aliases":["GHSA-mjq8-gg9x-87gr"],"modified":"2026-04-10T05:11:58.052869Z","published":"2024-03-18T08:15:06.400Z","references":[{"type":"WEB","url":"https://github.com/unclebob/fitnesse/blob/master/SECURITY.md"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN94521208/"},{"type":"ADVISORY","url":"http://fitnesse.org/FitNesseDownload"},{"type":"PACKAGE","url":"https://github.com/unclebob/fitnesse"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unclebob/fitnesse","events":[{"introduced":"0"},{"fixed":"02ad4b4f2850fdb49f5f10e49efeac61f599f220"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"20220319"}]}}],"versions":["20090112","20090214","20090321","20090513","20090818","20091121","20100103","20110104","20130530","20131110","20140201","20150106","20150114","20150119","20150202","20150217","20150218","20150223","20150226","20150424","20150814","20151230","20160515","20160618","20161105","20161106","20171015","20171210","20171212","20180127","20181221","20181222","20181223","20181224","20190110","20190118","20190119","20190127","20190202","20190216","20190224","20190406","20190409","20190416","20190417","20190418","20190421","20190428","20190508","20190620","20190628","20190716","20191110","20191217","20191229","20200108","20200128","20200205","20200304","20200307","20200308","20200404","20200501","20201213","20210410","20210516","20210605","20210606","20211006","20211030","v20121009","v20130911","v20131001","v20131003","v20131015","v20131016","v20131119","v20140130","v20140203"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28128.json"}}],"schema_version":"1.7.5","s
everity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}