Cross-Site Scripting Vulnerability in Tuleap Software Development Suite
CVE-2025-30203

4.8MEDIUM

Key Information:

Vendor

Enalean

Status
Tuleap
Vendor
CVE Published:
31 March 2025

What is CVE-2025-30203?

Tuleap, an Open Source Suite designed for enhanced software development and collaboration, has a vulnerability that allows cross-site scripting (XSS) through the content of RSS feeds utilized in its RSS widgets. This issue enables a project administrator or an individual controlling the RSS feed to execute arbitrary code, potentially compromising the security of affected systems. The vulnerability has been addressed in Tuleap Community Edition version 16.5.99.1742562878 and Tuleap Enterprise Edition versions 16.5-5 and 16.4-8.

Affected Version(s)

tuleap < 16.5.99.1742562878

References

https://github.com/Enalean/tuleap/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/54cce3f5e883d160...
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=com...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.