CVE-2008-5807

TestLink <1.8 RC1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.

References (4)

[Vendor Advisory] http://secunia.com/advisories/32599

[Product] http://sourceforge.net/project/shownotes.php?release_id=638751

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46431

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32173

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (8)

teamst/testlink < 1.8

teamst/testlink

teamst/testlink

teamst/testlink

teamst/testlink

teamst/testlink

teamst/testlink

n/a/n/a

Timeline

Published Dec 31, 2008

Tracked Since Feb 18, 2026