331 matches found
TestLink 1.9.13 Cross Site Scripting
A cross site scripting vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
TestLink 1.9.13 SQL Injection
A SQL injection vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...
CVE-2021-47760
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate...
EUVD-2026-2781
TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to bypass access controls...
CVE-2021-47760
CVE-2021-47760 entry is rejected/not used and does not represent an active vulnerability.
PT-2026-3036
Name of the Vulnerable Software and Affected Versions: TestLink versions 1.16 through 1.19. Description: The software contains an unauthenticated file download issue. An attacker can download arbitrary files by manipulating the id parameter in the 'attachmentdownload.php' endpoint, utilizing...
CVE-2023-50110
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used...
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
CVE-2022-35195
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php...
CVE-2022-35196
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...
CVE-2022-35194
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php...
CVE-2019-20107
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via (1) the tprojectid parameter to keywordsView.php; (2) the reqspecid parameter to reqSpecCompareRevisions.php; (3) the requirementid parameter to...
CVE-2019-20381
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...
EUVD-2007-5976
Malware in sbrugna...
EUVD-2020-29683
Malware in sbrugna...
EUVD-2012-2268
Malware in sbrugna...