CVE-2023-35929
Summary
| Field | Value |
|---|---|
| CVE | CVE-2023-35929 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-25 18:15:00 UTC |
| Updated | 2023-08-02 18:54:00 UTC |
| Description | Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force a victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. |
Risk And Classification
Problem Types: CWE-79
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| XSS in the card field of the agile dashboard apps · Advisory · Enalean/tuleap · GitHub | MISC | github.com | |
| Git - Tuleap | MISC | tuleap.net | |
| XSS in the card field of the agile dashboard apps - request #32629 - Requests - Tuleap | MISC | tuleap.net | |
| Fixes request #32629: XSS in the card field of the agile dashboard apps · Enalean/tuleap@0b2945f · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.