CVE-2023-30619 MEDIUM

CVE-2023-30619: XSS in the tooltip via an artifact title

Vendor Enalean

Product tuleap

Weakness CWE-79 · XSS

Published May 4, 2023

Last update January 29, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.

Key dates

02Disclosure timeline

May 4, 2023 CVE published

January 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-30619

Related vulnerabilities

04Related CVE

CVE-2025-7887 Zavy86 WikiDocs template.inc.php cross site scripting CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR CVE-2025-8624 Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget CVE-2026-1444 iJason-Liu Books_Manager add_book_check.php cross site scripting CVE-2025-59991 Junos Space: Device Management pages are vulnerable to reflected cross-site script injection