The title of an artifact is not properly escaped in the tooltip.
Impact
A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code.
Patches
The following version contain the fix:
- Tuleap Community Edition 14.7.99.143
For more information
If you have any questions or comments about this advisory, reach out to us via the contact information provided on the Tuleap.org security page.
References
The title of an artifact is not properly escaped in the tooltip.
Impact
A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code.
Patches
The following version contain the fix:
For more information
If you have any questions or comments about this advisory, reach out to us via the contact information provided on the Tuleap.org security page.
References