CNNVD-202507-3658 Information
CNNVD ID
CNNVD-202507-3658
Related CVE
- CNNVD Published: 2025-07-29
Description (Chinese)
Enalean Tuleap Community Edition和Enalean Tuleap Enterprise Edition都是Enalean开源的一个开源套件,旨在改善软件开发和协作的管理。 Enalean Tuleap Community Edition 16.9.99.1751892857之前版本和Enalean Tuleap Enterprise Edition 16.8-5和16.9-3之前版本存在跨站脚本漏洞,该漏洞源于恶意用户可能插入恶意代码,可能导致执行不受控代码。
Description (English)
Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are open-source packages from the Enalean Open Source to improve software development and collaborative management. The pre-Enalean Tuleap Commission 16.9.99.17518928557 and pre-Enalean Tuleap Enterprise 16.8-5 and 16.9-3 have cross-site script gaps, which stem from the possibility that malicious users may insert malicious codes and may lead to the execution of uncontrolled codes.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Enalean
Published
2025-07-29
Last Modified
2026-02-24
References
http://github.com/Enalean/tuleap/commit/c1aec8247697d63dc4af791ecd6bd70d105ded08 https://github.com/Enalean/tuleap/security/advisories/GHSA-6r66-j76j-rwhw https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=c1aec8247697d63dc4af791ecd6bd70d105ded08 https://tuleap.net/plugins/tracker/?aid=43693
Patch
https://github.com/Enalean/tuleap/tags
Share on: