Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-30203

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742562878 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Published

2025-03-31T16:15:25.473

Last Modified

2025-08-21T22:03:06.790

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
CWE-84
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	enalean	tuleap	< 16.4-8	Yes
Application	enalean	tuleap	< 16.5.99.1742562878	Yes
Application	enalean	tuleap	< 16.5-5	Yes

References

https://github.com/Enalean/tuleap/commit/54cce3f5e883d16055cb0239e023f48cdf5eb25f Patch ([email protected])
https://github.com/Enalean/tuleap/security/advisories/GHSA-39gx-34fc-rx6r Third Party Advisory ([email protected])
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=54cce3f5e883d16055cb0239e023f48cdf5eb25f Broken Link ([email protected])
https://tuleap.net/plugins/tracker/?aid=42243 Vendor Advisory ([email protected])