CVE-2025-30203
Published 2025-03-31
Priority: P4 (21) | Severity: medium | CVSS 3.1 score: 4.8
Vector: AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.26% (17.7th percentile)
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742562878 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | < 16.4-8 | 16.4-8 |
| enalean | tuleap | < 16.5.99.1742562878 | 16.5.99.1742562878 |
| enalean | tuleap | >= 16.5 < 16.5-5 | 16.5-5 |
| msrc | azl3_emacs_29.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_emacs_29.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_emacs_28.2-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_emacs_29.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
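| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| vendor_msrc | — | 5.5 | MEDIUM | — |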
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Enalean/tuleap/commit/54cce3f5e883d16055cb0239e023f48cdf5eb25f
https://github.com/Enalean/tuleap/security/advisories/GHSA-39gx-34fc-rx6r
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=54cce3f5e883d16055cb0239e023f48cdf5eb25f
https://tuleap.net/plugins/tracker/?aid=42243