3 matches found
CVE-2025-53541
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...
CVE-2025-27099
Tuleap exposes an XSS vulnerability (CVE-2025-27099) in the semantic timeframe deletion message, via tracker names. The issue affects Tuleap’s tracker-name handling and can enable an administrator with a semantic timeframe used by other trackers to trick others into executing uncontrolled code. P...
Design/Logic Flaw
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to...