Vulnerabilities > Testlink

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2024-08-26 | CVE-2024-42906 | Cross-site Scripting vulnerability in Testlink | TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. | network, low complexity, testlink, CWE-79 | 6.1 |
| 2023-12-30 | CVE-2023-50110 | Unspecified vulnerability in Testlink | TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | network, low complexity, testlink | 7.5 |
| 2022-09-20 | CVE-2022-35196 | Cross-Site Request Forgery (CSRF) vulnerability in Testlink 1.9.20 | TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. | network, low complexity, testlink, CWE-352 | 8.8 |
| 2022-09-16 | CVE-2022-35194 | Cross-site Scripting vulnerability in Testlink 1.9.20 | TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. | network, low complexity, testlink, CWE-79 | 5.4 |
| 2022-09-16 | CVE-2022-35193 | SQL Injection vulnerability in Testlink 1.9.20 | TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. | network, low complexity, testlink, CWE-89 | 7.2 |
| 2022-09-16 | CVE-2022-35195 | Unspecified vulnerability in Testlink 1.9.20 | TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php. | network, low complexity, testlink | 7.2 |
| 2020-04-27 | CVE-2020-12274 | Unspecified vulnerability in Testlink 1.9.20 | In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session. | network, low complexity, testlink | 9.8 (critical) |
| 2020-04-27 | CVE-2020-12273 | Insufficiently Protected Credentials vulnerability in Testlink 1.9.20 | In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | network, low complexity, testlink, CWE-522 | 7.5 |
| 2020-04-03 | CVE-2020-8639 | Unrestricted Upload of File with Dangerous Type vulnerability in Testlink 1.9.20 | An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | network, low complexity, testlink, CWE-434 | 8.8 |
| 2020-04-03 | CVE-2020-8638 | SQL Injection vulnerability in Testlink 1.9.20 | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | network, low complexity, testlink, CWE-89 | 9.8 (critical) |