4 matches found
EUVD-2019-10933
Malware in sbrugna...
Cross site scripting
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491...
CVE-2019-20381
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491...
CVE-2019-19491
CVE-2019-19491 affects TestLink before 1.9.20. It allows XSS through multiple inputs (lib/testcases/archiveData.php edit parameter, index.php reqURI, or lib/testcases/tcEdit.php?doAction=doDeleteStep). Red Hat notes an incomplete fix in related CVE-2019-19491 and lists 1.9.20 as the fixed version...