Unrated severity · NVD Advisory · Published May 4, 2023 · Updated Jan 29, 2025
XSS in the tooltip via an artifact title
CVE-2023-30619
Description
Tuleap Open ALM is a Libre and Open Source tool for end-to-end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.
Affected products: 1
Patches: 0 (no patches discovered yet)
References (4)
- github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df (mitre, x_refsource_MISC)
- github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922 (mitre, x_refsource_CONFIRM)
- tuleap.net/plugins/git/tuleap/tuleap/stable (mitre, x_refsource_MISC)
- tuleap.net/plugins/tracker/ (mitre, x_refsource_MISC)