TestLink prior to 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
testlink testlink |