Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Gurock
  • Testrail

Configuration 1 [-]

cpe:2.3:a:gurock:testrail:*:*:*:*:*:*:*:*
References
Link Resource
http://forum.gurock.com/topic/1652/testrail-313-released/ Vendor Advisory
http://www.kb.cert.org/vuls/id/669804 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2014-07-26T15:00:00

Updated: 2014-07-26T14:57:00

Reserved: 2014-07-10T00:00:00

Link: CVE-2014-4857

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2014-07-26T15:55:04.277

Modified: 2014-07-28T19:05:18.357

Link: CVE-2014-4857

JSON object: View

cve-icon Redhat Information

No data.

CWE