Filtered by vendor Jenkins Subscriptions
Filtered by product Fitnesse Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-2175 1 Jenkins 1 Fitnesse 2024-11-21 5.4 Medium
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.
CVE-2020-2120 1 Jenkins 1 Fitnesse 2024-11-21 8.8 High
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.