Vulnerability Note VU#669804
TestRail cross-site scripting vulnerability
TestRail version 220.127.116.1130 contains a cross-site scripting vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gurock Software TestRail version 18.104.22.16830 contains a stored cross-site scripting vulnerability. The Created By field in project activities is vulnerable to script injection.
A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session.
Apply a Patch
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Gurock Software GmbH||Affected||18 Jul 2014||24 Jul 2014|
CVSS Metrics (Learn More)
Thanks to the reporter who wishes to remain anonymous.
This document was written by Chris King.
- CVE IDs: CVE-2014-4857
- Date Public: 24 Jul 2014
- Date First Published: 24 Jul 2014
- Date Last Updated: 24 Jul 2014
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.