Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.fitnesse:fitnesse(Maven) | 0 | 20220319 | N/A |
CVSS Metrics
