CVE-2008-5807

Name of the Vulnerable Software and Affected Versions TestLink versions prior to 1.8 RC1

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can occur via Testproject Names and Testplan Names in planEdit.php, and possibly Testcaseprefixes in projectview.tpl.

Recommendations For versions prior to 1.8 RC1, update to version 1.8 RC1 or later to resolve the issue. As a temporary workaround, consider restricting user input for Testproject Names, Testplan Names, and Testcaseprefixes to minimize the risk of exploitation. Avoid using potentially malicious input in the affected areas until the issue is resolved.