Описание
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Issue TrackingVendor Advisory
- PatchThird Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 13.9.99.111 (исключая)Версия от 13.8.0 (включая) до 13.8.6 (исключая)Версия от 13.9.0 (включая) до 13.9.3 (исключая)
Одно из
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 66%
0.00506
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
EPSS
Процентиль: 66%
0.00506
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79