VULHUB ™

TestLink is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible. TestLink 1.9.14 is vulnerable; other versions may also be affected.

TestLink is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible. TestLink 1.9.14 is vulnerable; other versions may also be affected.