A reflected XSS could be injected via the parameter _srch of the Subversion revisions browsing page.
Impact
An attacker could use this vulnerability to force a victim to execute uncontrolled code.
CVSSv3 score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Exploitation
Go to https://<tuleap_url>/svn/?func=browse&group_id=<project_id>&_srch=a+onfocus%3Dalert(1)+autofocus
The JavaScript code will be executed once the page is loaded.
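The payload above carries no quote character, so it only works when the parameter is reflected into an attribute context that is not quoted or not encoded. The following is an added example, not Tuleap code (Tuleap itself is written in PHP): a small Python model of the flaw beside its fix. The unquoted attribute in the vulnerable renderer is an assumption about how _srch was reflected, since the advisory does not show the template; the query string and the second, quote-breaking payload are constructed for illustration. The parser helper lists which attributes a browser-like parser would see on the rendered tag, so the difference between the two renderers can be checked rather than eyeballed.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed query string in the shape of the advisory's URL (project id is a placeholder).
SAMPLE_QUERY = "func=browse&group_id=<project_id>&_srch=a+onfocus%3Dalert(1)+autofocus"

# Constructed second payload: shows why quoting the attribute alone is not enough.
QUOTE_BREAKOUT = '" autofocus onfocus=alert(1) x="'


def search_value(query_string: str) -> str:
    """Return _srch as the server sees it after URL decoding ('+' becomes a space, %3D becomes '=')."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("_srch", [""])[0]


def render_search_box_vulnerable(value: str) -> str:
    """Reflect the parameter into an unquoted attribute with no encoding (assumed shape of the flaw).

    A space in the value ends the attribute, so 'onfocus=...' and 'autofocus' become
    attributes of their own and the handler runs as soon as the field is focused.
    """
    return '<input type="text" name="_srch" value=' + value + ">"


def render_search_box_fixed(value: str) -> str:
    """Reflect the parameter inside a quoted attribute after HTML attribute encoding.

    html.escape with quote=True encodes &, <, >, " and ', so neither a space nor a quote
    in the value can terminate the attribute or start a new one.
    """
    return '<input type="text" name="_srch" value="' + html.escape(value, quote=True) + '">'


class _InputAttributeCollector(HTMLParser):
    """Collect the attributes of the first <input> tag, the way a tolerant HTML parser reads them."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input" and not self.attrs:
            self.attrs = dict(attrs)


def input_attributes(markup: str) -> dict:
    """Return {attribute name: value} for the rendered <input>; a bare attribute maps to None."""
    collector = _InputAttributeCollector()
    collector.feed(markup)
    return collector.attrs


def is_reflected_safely(markup: str) -> bool:
    """True when the rendered tag carries only the three attributes the template intended."""
    return set(input_attributes(markup)) == {"type", "name", "value"}


if __name__ == "__main__":
    value = search_value(SAMPLE_QUERY)
    for label, renderer in (("vulnerable", render_search_box_vulnerable), ("fixed", render_search_box_fixed)):
        markup = renderer(value)
        print(f"{label}: {markup}")
        print(f"  attributes seen by the parser: {sorted(input_attributes(markup))}")
```

Running the module shows the vulnerable rendering gaining onfocus and autofocus attributes while the fixed rendering keeps a single value attribute, for both the advisory's payload and the quote-breaking one. The same check can be pointed at a captured response body to confirm a deployed fix.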
References
https://cwe.mitre.org/data/definitions/79.html
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
Credit
Thanks to Mehmet Ince from PRODAFT for responsibly disclosing this vulnerability.