Testlink login Cross Site Scripting Exploit

A cross-site scripting vulnerability is present in TestLink before 1.8.5 allowing remote attackers to inject arbitrary web script or HTML via the req parameter to login.php.
Platform: 
Vulnerabilty ID: 
CVE-2009-4237
Product Version: 
10.0
Released Date: 
Monday, February 1, 2010 - 00:00