
CVE-2012-2275 – TestLink 1.9.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-2275
15 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php. • https://www.exploit-db.com/exploits/21135 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2009-4238 – TestLink Test Management and Execution System - Multiple Cross-Site Scripting / Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4238
10 Dec 2009 — Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php. • https://www.exploit-db.com/exploits/10364 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-4237 – TestLink Test Management and Execution System - Multiple Cross-Site Scripting / Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4237
10 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter t... • https://www.exploit-db.com/exploits/10364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-5807
https://notcve.org/view.php?id=CVE-2008-5807
31 Dec 2008 — Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. • http://secunia.com/advisories/32599 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •