Filtered by vendor Testlink
Subscribe
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19491 | 1 Testlink | 1 Testlink | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. | |||||
| CVE-2019-14471 | 1 Testlink | 1 Testlink | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the error.php message parameter. | |||||
| CVE-2018-7668 | 1 Testlink | 1 Testlink | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | |||||
| CVE-2018-7466 | 1 Testlink | 1 Testlink | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value. | |||||
| CVE-2024-42906 | 1 Testlink | 1 Testlink | 2024-09-05 | N/A | 6.1 MEDIUM |
| TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. | |||||