从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞编号:JVN#36791327 2. 漏洞名称:Multiple vulnerabilities in FitNesse 3. 受影响的产品:FitNesse releases prior to 20241026 4. 漏洞描述: - Cross-site scripting (CWE-79):CVSS Base Score 6.1,CVE-2024-39610 - Path traversal (CWE-22):CVSS Base Score 5.3,CVE-2024-42499 5. 影响: - 任意脚本可能在使用产品的用户浏览器上执行(CVE-2024-39610) - 攻击者可能在特定条件下知道文件是否存在,并/或获取文件部分内容(CVE-2024-42499) 6. 解决方案:更新软件到最新版本(FitNesse release 20241026) 7. 供应商状态: - 供应商:unclebob - 链接:Release 20241026 / fitnesse · GitHub - 官方发布:FitNess Official release 8. 参考链接: - JPCERT/CC Addendum - Vulnerability Analysis by JPCERT/CC - Credit:Takeshi Kaneko of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. 9. 其他信息: - JPCERT Alert - JPCERT Reports - CERT Advisory - CPNI Advisory - TRnotes - CVE:CVE-2024-39610,CVE-2024-42499 - JVN iPedia:JVNDB-2024-000119 这些信息提供了关于FitNesse漏洞的详细描述、影响、解决方案以及相关参考链接。