Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
testlink vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated malicious user to upload a malicious file (containing PHP code...
Testlink Testlink 1.9.20
9.8
CVSSv3
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
Testlink Testlink 1.9.20
6.1
CVSSv3
CVE-2019-14471
TestLink 1.9.19 has XSS via the error.php message parameter.
Testlink Testlink 1.9.19
8.8
CVSSv3
CVE-2022-35196
TestLink v1.9.20 exists to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
Testlink Testlink 1.9.20
6.1
CVSSv3
CVE-2019-19491
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
Testlink Testlink 1.9.19
7.2
CVSSv3
CVE-2022-35193
TestLink v1.9.20 exists to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
5.4
CVSSv3
CVE-2022-35194
TestLink v1.9.20 exists to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
Testlink Testlink 1.9.20
7.2
CVSSv3
CVE-2022-35195
TestLink 1.9.20 Raijin exists to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php
Testlink Testlink 1.9.20
8.8
CVSSv3
CVE-2020-8841
An issue exists in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.
Testlink Testlink 1.9.19
5.4
CVSSv3
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and previous versions in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript
Jenkins Testlink
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »