
CVE-2024-42906
https://notcve.org/view.php?id=CVE-2024-42906
26 Aug 2024 — TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. • https://testlink.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-10378 – Jenkins testlink Cleartext Storage of Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10378
07 Aug 2019 — Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. This vulnerability allows local attackers to disclose sensitive ... • http://www.openwall.com/lists/oss-security/2019/08/07/1 • CWE-522: Insufficiently Protected Credentials •

CVE-2018-1000113
https://notcve.org/view.php?id=CVE-2018-1000113
13 Mar 2018 — A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •