Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-24T22:40:02.274Z
Updated: 2024-08-02T18:10:21.142Z
Reserved: 2023-08-03T16:27:36.262Z
Link: CVE-2023-39521
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-24T23:15:09.000
Modified: 2023-08-30T17:43:59.497
Link: CVE-2023-39521
Redhat
No data.