5 matches found
CVE-2025-64482
Tuleap CSRF vulnerability (CVE-2025-64482) affects File Release System in Tuleap Community Edition before 16.13.99.1762267347 and Tuleap Enterprise Edition before 17.01-, 16.13-6, or 16.12-9. The issue arises from lack of cross-site request forgery protections, potentially allowing an attacker to...
Linux Distros Unpatched Vulnerability : CVE-2023-38059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the I...
CVE-2025-24388 Unsafe handling of AJAX calls
A vulnerability in the OTRS Admin Interface and Agent Interface versions before OTRS 8 allow parameter injection due to for an autheniticated agent or admin user. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS 2025.X OTRS Community Edition: 6.0.x Products based on the OTRS...
CVE-2024-43445
A vulnerability exists in OTRS and OTRS Community Edition that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects:...
PT-2021-7108 · Unknown +1 · Tuleap Community Edition +3
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 13.2.99.31 Community Edition Tuleap versions prior to 13.1-5 Enterprise Edition Tuleap versions prior to 13.2-3 Enterprise Edition Description: The issue arises from improper sanitization of the search filter built fr...