Yu-Hsiang

**Name of the Vulnerable Software and Affected Versions** TestLink version 1.9.20 **Description** A Cross-Site Request Forgery (CSRF) issue was found via the "/lib/plan/planView.php" API endpoint. **Recommendations** For version 1.9.20, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TestLink version 1.9.20 **Description** The issue is a SQL injection vulnerability. It can be exploited via the /lib/execute/execNavigator.php endpoint. **Recommendations** For TestLink version 1.9.20, consider restricting access to the /lib/execute/execNavigator.php endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TestLink version 1.9.20 **Description** A stored cross-site scripting (XSS) issue was found in TestLink via the /lib/inventory/inventoryView.php API endpoint. **Recommendations** For version 1.9.20, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TestLink version 1.9.20 Raijin **Description** A broken access control issue was found in TestLink at the "/lib/attachments/attachmentdownload.php" API endpoint. **Recommendations** For TestLink version 1.9.20 Raijin, consider restricting access to the "/lib/attachments/attachmentdownload.php" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.