Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could insert malicious code when displaying the children of a parent artifact to force victims to execute the uncontrolled code. This is fixed in version Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3.
https://tuleap.net/plugins/tracker/?aid=43693
https://github.com/Enalean/tuleap/security/advisories/GHSA-6r66-j76j-rwhw
http://github.com/Enalean/tuleap/commit/c1aec8247697d63dc4af791ecd6bd70d105ded08