331 matches found
TestLink Security Vulnerability
TestLink is a suite of open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink versions prior to v1.9.20 that stems from the presence of cross-site scripting (XSS)...
PT-2024-30200 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink versions prior to 1.9.20. Description: The issue allows for Cross-Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. Recommendations: For versions prior to 1.9.2...
CVE-2024-42906
TestLink before v1.9.20 is vulnerable to Cross-Site Scripting (XSS) via the upload-file pop-up; an attacker can inject the payload in the file name during upload. Affected product: TestLink prior to 1.9.20. Remediation stated in PT security notes: upgrade to 1.9.20 Raijin (or apply equivalent fix...
CVE-2023-50110
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used...
Authentication flaw
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used...
TestLink Security Breach
TestLink is a suite of open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink versions 1.9.20 and earlier, which stems from a vulnerability that allows authentication to be bypassed via...
CVE-2023-50110
CVE-2023-50110 affects TestLink up to version 1.9.20. The root cause is type juggling in authentication due to not using strict equality (===), enabling authentication bypass. Impact is high (I: High) with no confidentiality/availability impacts, per sources. Exploitation details are not provided...
PT-2023-31477 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink versions 1.9.20 and earlier. Description: The issue allows type juggling for authentication bypass because the === operator is not used. This can lead to unauthorized access. Recommendations: For versions 1.9.20 and earlier, consider...
CVE-2022-35196
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...
Cross-site request forgery (CSRF)
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...
CVE-2022-35196
CVE-2022-35196 affects TestLink v1.9.20 and is a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /lib/plan/planView.php endpoint. The incident has a high impact (C/H/I/A) per CVSS 3.1 (8.8) with network attack vector, no privileges required, user interaction required. The conn...
TestLink Cross-Site Request Forgery Vulnerability
TestLink is a suite of open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink v1.9.20, which was discovered via /lib/plan/planView.php to contain a cross-site request forgery vulnerabili...
PT-2022-22627 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink version 1.9.20. Description: A Cross-Site Request Forgery (CSRF) issue was found via the "/lib/plan/planView.php" API endpoint. Recommendations: For version 1.9.20, update to a newer version that contains a fix for this issue...
CVE-2022-35194
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php...