CVE-2025-29766

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. The vulnerability is fixed in Tuleap Community Edition 16.5.99.1741784483 and Tuleap Enterprise Edition 16.5-3 and 16.4-8.

Related Vulnerabilities

CVE-2016-3004

MEDIUM
CVSS:4.6(Medium)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary user...

CWE-3522016

CVE-2019-10199

MEDIUM
CVSS:4.6(Medium)

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing opera...

CWE-3522019

CVE-2019-20480

MEDIUM
CVSS:4.6(Medium)

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is...

CWE-3522019

CVE-2021-3957

MEDIUM
CVSS:4.6(Medium)

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

CWE-3522021

CVE-2024-13096

MEDIUM
CVSS:4.6(Medium)

The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored X...

CWE-3522024

CVE-2024-3993

MEDIUM
CVSS:4.6(Medium)

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XS...

CWE-3522024