CVE-2025-27156

CVSS v3 Score
4.1
Medium

Vulnerability Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients' mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

CVSS:4.1(Medium)

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, ...

CWE-79, 2019
CVSS:4.1(Medium)

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new la...

CWE-79, 2020
CVSS:4.1(Medium)

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that ...

CWE-79, 2021
CVSS:4.1(Medium)

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

CWE-79, 2022
CVSS:4.1(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.

CWE-79, 2023
CVSS:4.1(Medium)

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

CWE-79, 2023