CVE-2008-5807 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php and possibly (3) Testcaseprefixes in projectview.tpl.

Reference

http://secunia.com/advisories/32599 http://sourceforge.net/project/shownotes.php?release_id=638751 http://www.securityfocus.com/bid/32173 https://exchange.xforce.ibmcloud.com/vulnerabilities/46431