CVE-2023-30619

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-30619
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30619.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-30619
Aliases
  • GHSA-7fm3-cr3g-5922
Published
2023-05-04T13:35:35.432Z
Modified
2026-04-10T04:57:53.616897Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
XSS in the tooltip via an artifact title
Details

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30619.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/enalean/tuleap

Affected ranges

Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fdc93a736cbccad05de16ff0cc7cc3ef18dc93df
Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fdc93a736cbccad05de16ff0cc7cc3ef18dc93df

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30619.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "14.7.99.76"
            },
            {
                "fixed": "14.7.99.143"
            }
        ]
    }
]