← back
CVE-2019-20381

CVE-2019-20381

EPSS 0.9%
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mantis.testlink.org/view.php?id=8808https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26ehttps://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20