2 matches found
CVE-2009-4237
Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via 1 the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via 2 the key parameter to...
CVE-2009-4237
TestLink (before version 1.8.5) is affected by multiple XSS and SQL injection vulnerabilities. The XSS flaws affect inputs across several scripts (e.g., login.php req parameter; lib/general/staticPage.php key; lib/attachments/attachmentupload.php tableName; lib/events/eventviewer.php startDate, e...