Testlink login Cross Site Scripting Exploit

A cross-site scripting vulnerability is present in TestLink before 1.8.5 allowing remote attackers to inject arbitrary web script or HTML via the req parameter to login.php.
Vulnerabilty ID: 
CVE-2009-4237
Released Date: 
Sunday, January 31, 2010 - 18:00