Skip to main content

Testrail

5 CVEs product

Monthly

CVE-2021-44263 MEDIUM POC This Month

Gurock TestRail before 7.2.4 mishandles HTML escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40875 HIGH POC THREAT This Week

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Testrail
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
48.4%
CVE-2021-37788 MEDIUM POC This Month

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2019-7535 MEDIUM This Month

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Testrail
NVD GitHub
CVSS 3.0
5.3
EPSS
1.1%
CVE-2014-4857 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Testrail
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Gurock TestRail before 7.2.4 mishandles HTML escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
EPSS 48% CVSS 7.5
HIGH POC THREAT This Week

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Testrail
NVD GitHub Exploit-DB
EPSS 2% CVSS 5.4
MEDIUM POC This Month

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Testrail
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Testrail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy