Multiple cross-site scripting (XSS) vulnerabilities in TestLink prior to 1.8 RC1 allow remote malicious users to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
teamst testlink 1.8 |
||
teamst testlink 1.7.4 |
||
teamst testlink 1.7.1 |
||
teamst testlink 1.7.3 |
||
teamst testlink 1.7.2 |
||
teamst testlink |