TestRail version 18.104.22.16830 contains a cross-site scripting vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gurock Software TestRail version 22.214.171.12430 contains a stored cross-site scripting vulnerability. The Created By field in project activities is vulnerable to script injection.
A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session.
Apply a Patch
Thanks to the reporter who wishes to remain anonymous.
This document was written by Chris King.
|Date First Published:||2014-07-24|
|Date Last Updated:||2014-07-24 17:04 UTC|