Unrated severityNVD Advisory· Published Dec 31, 2008· Updated Apr 23, 2026

CVE-2008-5807

Description

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.

Affected products

Teamst/Testlink7 versions
cpe:2.3:a:teamst:testlink:*:beta3:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:teamst:testlink:*:beta3:*:*:*:*:*:*range: <=1.8
- cpe:2.3:a:teamst:testlink:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:teamst:testlink:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:teamst:testlink:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:teamst:testlink:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:teamst:testlink:1.8:beta1:*:*:*:*:*:*
- cpe:2.3:a:teamst:testlink:1.8:beta2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/32599nvdVendor Advisory
sourceforge.net/project/shownotes.phpnvd
www.securityfocus.com/bid/32173nvd
exchange.xforce.ibmcloud.com/vulnerabilities/46431nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000