5 matches found

Vulnrichment
added 2025/08/29 3:7 p.m. · 3 views

CVE-2025-54877 Tuleap's special and always there fields permissions are not verified in cross-tracker search

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access the content of the special...

CVSS 5.3 · AI score 6.3 · EPSS 0.00065
Exploits: 0 · References: 4

Github Security Blog
added 2024/08/02 9:12 p.m. · 43 views

Reposilite artifacts vulnerable to Stored Cross-site Scripting

Summary: Reposilite v3.5.10 is affected by Stored Cross-Site Scripting (XSS) when displaying an artifact's content in the browser. Details: As a Maven repository manager, Reposilite provides the ability to view the artifacts' content in the browser, as well as perform administrative tasks via API. The...

CVSS 7.1 · AI score 6.8 · EPSS 0.05369
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2024/06/19 6:15 p.m. · 24 views

CVE-2024-36115

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts' content in the browser, as well as perform administrative tasks via API. The problem lies i...

CVSS 7.1 · EPSS 0.05369
Exploits: 0 · References: 4

Cvelist
added 2024/06/19 5:37 p.m. · 27 views

CVE-2024-36115 Stored Cross-site Scripting in Reposilite artifacts

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts' content in the browser, as well as perform administrative tasks via API. The problem lies i...

CVSS 7.1 · EPSS 0.05369
Exploits: 0 · References: 4

Positive Technologies
added 2024/06/19 12:0 a.m. · 3 views

PT-2024-26902 · Unknown · Reposilite

Name of the Vulnerable Software and Affected Versions: Reposilite versions prior to 3.5.12. Description: The issue lies in the fact that the artifact's content is served via the same origin as the Admin UI. If the artifact contains HTML content with JavaScript inside, the JavaScript is executed...

CVSS 7.7 · AI score 7.4 · EPSS 0.05369
Exploits: 0 · References: 10