Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by teamst
CVE-2012-2275 (GCVE-0-2012-2275)
Vulnerability from nvd – Published: 2012-09-15 17:00 – Updated: 2024-08-06 19:26
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/21135 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/files/116275/TestL… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://gitorious.org/testlink-ga/testlink-code/co… | x_refsource_CONFIRM |
| http://gitorious.org/testlink-ga/testlink-code/co… | x_refsource_CONFIRM |
| http://gitorious.org/testlink-ga/testlink-code/co… | x_refsource_CONFIRM |
| https://www.htbridge.com/advisory/HTB23088 | x_refsource_MISC |
Date Public
2012-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21135",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/21135"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html"
},
{
"name": "testlink-userinfo-csrf(78306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78306"
},
{
"name": "20120905 Cross-Site Request Forgery (CSRF) in TestLink",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator\u0027s email via an editUser action to lib/usermanagement/userInfo.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21135",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/21135"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html"
},
{
"name": "testlink-userinfo-csrf(78306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78306"
},
{
"name": "20120905 Cross-Site Request Forgery (CSRF) in TestLink",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator\u0027s email via an editUser action to lib/usermanagement/userInfo.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21135",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/21135"
},
{
"name": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html"
},
{
"name": "testlink-userinfo-csrf(78306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78306"
},
{
"name": "20120905 Cross-Site Request Forgery (CSRF) in TestLink",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html"
},
{
"name": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891",
"refsource": "CONFIRM",
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891"
},
{
"name": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087",
"refsource": "CONFIRM",
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087"
},
{
"name": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6",
"refsource": "CONFIRM",
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6"
},
{
"name": "https://www.htbridge.com/advisory/HTB23088",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2275",
"datePublished": "2012-09-15T17:00:00.000Z",
"dateReserved": "2012-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4238 (GCVE-0-2009-4238)
Vulnerability from nvd – Published: 2009-12-10 23:00 – Updated: 2024-08-07 06:54
VLAI
Summary
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/60919 | vdb-entryx_refsource_OSVDB |
| http://www.coresecurity.com/content/testlink-mult… | x_refsource_MISC |
| http://osvdb.org/60920 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/37258 | vdb-entryx_refsource_BID |
| http://www.teamst.org/index.php?option=com_conten… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2009-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60920"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-26T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60920"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60919",
"refsource": "OSVDB",
"url": "http://osvdb.org/60919"
},
{
"name": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60920",
"refsource": "OSVDB",
"url": "http://osvdb.org/60920"
},
{
"name": "37258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37258"
},
{
"name": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2",
"refsource": "CONFIRM",
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4238",
"datePublished": "2009-12-10T23:00:00.000Z",
"dateReserved": "2009-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:10.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4237 (GCVE-0-2009-4237)
Vulnerability from nvd – Published: 2009-12-10 23:00 – Updated: 2024-08-07 06:54
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://osvdb.org/60915 | vdb-entryx_refsource_OSVDB |
| http://www.coresecurity.com/content/testlink-mult… | x_refsource_MISC |
| http://osvdb.org/60918 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/60917 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/37258 | vdb-entryx_refsource_BID |
| http://www.teamst.org/index.php?option=com_conten… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://osvdb.org/60914 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/60916 | vdb-entryx_refsource_OSVDB |
Date Public
2009-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60915",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60915"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60918"
},
{
"name": "60917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60917"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
},
{
"name": "60914",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60914"
},
{
"name": "60916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-26T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60915",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60915"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60918"
},
{
"name": "60917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60917"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
},
{
"name": "60914",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60914"
},
{
"name": "60916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60915",
"refsource": "OSVDB",
"url": "http://osvdb.org/60915"
},
{
"name": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60918",
"refsource": "OSVDB",
"url": "http://osvdb.org/60918"
},
{
"name": "60917",
"refsource": "OSVDB",
"url": "http://osvdb.org/60917"
},
{
"name": "37258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37258"
},
{
"name": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2",
"refsource": "CONFIRM",
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
},
{
"name": "60914",
"refsource": "OSVDB",
"url": "http://osvdb.org/60914"
},
{
"name": "60916",
"refsource": "OSVDB",
"url": "http://osvdb.org/60916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4237",
"datePublished": "2009-12-10T23:00:00.000Z",
"dateReserved": "2009-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:10.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5807 (GCVE-0-2008-5807)
Vulnerability from nvd – Published: 2008-12-31 11:00 – Updated: 2024-08-07 11:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32599 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32173 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=638751"
},
{
"name": "32173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32173"
},
{
"name": "testlink-testproject-plannames-xss(46431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=638751"
},
{
"name": "32173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32173"
},
{
"name": "testlink-testproject-plannames-xss(46431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32599"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=638751",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=638751"
},
{
"name": "32173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32173"
},
{
"name": "testlink-testproject-plannames-xss(46431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5807",
"datePublished": "2008-12-31T11:00:00.000Z",
"dateReserved": "2008-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2275 (GCVE-0-2012-2275)
Vulnerability from cvelistv5 – Published: 2012-09-15 17:00 – Updated: 2024-08-06 19:26
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/21135 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/files/116275/TestL… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://gitorious.org/testlink-ga/testlink-code/co… | x_refsource_CONFIRM |
| http://gitorious.org/testlink-ga/testlink-code/co… | x_refsource_CONFIRM |
| http://gitorious.org/testlink-ga/testlink-code/co… | x_refsource_CONFIRM |
| https://www.htbridge.com/advisory/HTB23088 | x_refsource_MISC |
Date Public
2012-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21135",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/21135"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html"
},
{
"name": "testlink-userinfo-csrf(78306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78306"
},
{
"name": "20120905 Cross-Site Request Forgery (CSRF) in TestLink",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator\u0027s email via an editUser action to lib/usermanagement/userInfo.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21135",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/21135"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html"
},
{
"name": "testlink-userinfo-csrf(78306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78306"
},
{
"name": "20120905 Cross-Site Request Forgery (CSRF) in TestLink",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator\u0027s email via an editUser action to lib/usermanagement/userInfo.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21135",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/21135"
},
{
"name": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html"
},
{
"name": "testlink-userinfo-csrf(78306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78306"
},
{
"name": "20120905 Cross-Site Request Forgery (CSRF) in TestLink",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html"
},
{
"name": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891",
"refsource": "CONFIRM",
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891"
},
{
"name": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087",
"refsource": "CONFIRM",
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087"
},
{
"name": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6",
"refsource": "CONFIRM",
"url": "http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6"
},
{
"name": "https://www.htbridge.com/advisory/HTB23088",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2275",
"datePublished": "2012-09-15T17:00:00.000Z",
"dateReserved": "2012-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4238 (GCVE-0-2009-4238)
Vulnerability from cvelistv5 – Published: 2009-12-10 23:00 – Updated: 2024-08-07 06:54
VLAI
Summary
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/60919 | vdb-entryx_refsource_OSVDB |
| http://www.coresecurity.com/content/testlink-mult… | x_refsource_MISC |
| http://osvdb.org/60920 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/37258 | vdb-entryx_refsource_BID |
| http://www.teamst.org/index.php?option=com_conten… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2009-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60920"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-26T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60920"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60919",
"refsource": "OSVDB",
"url": "http://osvdb.org/60919"
},
{
"name": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60920",
"refsource": "OSVDB",
"url": "http://osvdb.org/60920"
},
{
"name": "37258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37258"
},
{
"name": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2",
"refsource": "CONFIRM",
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4238",
"datePublished": "2009-12-10T23:00:00.000Z",
"dateReserved": "2009-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:10.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4237 (GCVE-0-2009-4237)
Vulnerability from cvelistv5 – Published: 2009-12-10 23:00 – Updated: 2024-08-07 06:54
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://osvdb.org/60915 | vdb-entryx_refsource_OSVDB |
| http://www.coresecurity.com/content/testlink-mult… | x_refsource_MISC |
| http://osvdb.org/60918 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/60917 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/37258 | vdb-entryx_refsource_BID |
| http://www.teamst.org/index.php?option=com_conten… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://osvdb.org/60914 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/60916 | vdb-entryx_refsource_OSVDB |
Date Public
2009-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60915",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60915"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60918"
},
{
"name": "60917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60917"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
},
{
"name": "60914",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60914"
},
{
"name": "60916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-26T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60915",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60915"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60918"
},
{
"name": "60917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60917"
},
{
"name": "37258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
},
{
"name": "60914",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60914"
},
{
"name": "60916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60915",
"refsource": "OSVDB",
"url": "http://osvdb.org/60915"
},
{
"name": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities"
},
{
"name": "60918",
"refsource": "OSVDB",
"url": "http://osvdb.org/60918"
},
{
"name": "60917",
"refsource": "OSVDB",
"url": "http://osvdb.org/60917"
},
{
"name": "37258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37258"
},
{
"name": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2",
"refsource": "CONFIRM",
"url": "http://www.teamst.org/index.php?option=com_content\u0026task=view\u0026id=84\u0026Itemid=2"
},
{
"name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html"
},
{
"name": "60914",
"refsource": "OSVDB",
"url": "http://osvdb.org/60914"
},
{
"name": "60916",
"refsource": "OSVDB",
"url": "http://osvdb.org/60916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4237",
"datePublished": "2009-12-10T23:00:00.000Z",
"dateReserved": "2009-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:10.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5807 (GCVE-0-2008-5807)
Vulnerability from cvelistv5 – Published: 2008-12-31 11:00 – Updated: 2024-08-07 11:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32599 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32173 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=638751"
},
{
"name": "32173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32173"
},
{
"name": "testlink-testproject-plannames-xss(46431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=638751"
},
{
"name": "32173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32173"
},
{
"name": "testlink-testproject-plannames-xss(46431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32599"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=638751",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=638751"
},
{
"name": "32173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32173"
},
{
"name": "testlink-testproject-plannames-xss(46431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5807",
"datePublished": "2008-12-31T11:00:00.000Z",
"dateReserved": "2008-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}