Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-12-31 11:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-5807
Mitre link : CVE-2008-5807
CVE.ORG link : CVE-2008-5807
JSON object : View
Products Affected
teamst
- testlink
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')