Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025

Tuleap allows XSS via the content of RSS feeds in the RSS widgets

CVE-2025-30203

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742562878 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Affected products

Enalean/Tuleapv5
Range: < 16.5.99.1742562878

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/commit/54cce3f5e883d16055cb0239e023f48cdf5eb25fmitrex_refsource_MISC
github.com/Enalean/tuleap/security/advisories/GHSA-39gx-34fc-rx6rmitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000