Vulmon
testlink testlink vulnerabilities and exploits
9
CVSSv2
CVE-2014-5308
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
Testlink Testlink 1.9.11
1 EDB exploit
5
CVSSv2
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
Testlink Testlink 1.9.20
NA
CVE-2022-35193
TestLink v1.9.20 contains a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
NA
CVE-2022-35195
TestLink 1.9.20 Raijin contains a broken access control vulnerability at /lib/attachments/attachmentdownload.php.
Testlink Testlink 1.9.20
6.5
CVSSv2
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated malicious user to upload a malicious file (containing PHP code...
Testlink Testlink 1.9.20
NA
CVE-2022-35194
TestLink v1.9.20 contains a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
Testlink Testlink 1.9.20
4.3
CVSSv2
CVE-2019-14471
TestLink 1.9.19 has XSS via the error.php message parameter.
Testlink Testlink 1.9.19
NA
CVE-2022-35196
TestLink v1.9.20 contains a Cross-Site Request Forgery (CSRF) vulnerability via /lib/plan/planView.php.
Testlink Testlink 1.9.20
4.3
CVSSv2
CVE-2019-19491
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
Testlink Testlink 1.9.19
3.5
CVSSv2
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and previous versions in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript.
Jenkins Testlink