Headline
CVE-2021-36538: Stored Cross-site scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows an authenticated threat actor to inject arbitrary web script or HTML via the reference field in milestones or de
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.
Stored Cross-site scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows an authenticated threat actor to inject arbitrary web script or HTML via the reference field in milestones or description fields in reports.
Product: TestRail
Version: Prior to v7.1.2.1044
Vendor: Gurock
Rating (initial, not yet confirmed)
Severity: Medium (6.6)
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Base Score Metrics
The Base metric group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. It is composed of two sets of metrics: the Exploitability metrics and the Impact metrics. The Exploitability metrics reflect the ease and technical means by which the vulnerability can be exploited. That is, they represent characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. On the other hand, the Impact metrics reflect the direct consequence of a successful exploit, and represent the consequence to the thing that suffers the impact, which we refer to formally as the impacted component.
Exploitability Metrics
- Attack Vector (AV): Network
- Attack Complexity (AC): Low
- Privileges Required (PR): Low
- User Interaction (UI): Required
- Scope (S): Unchanged
Impact Metrics
- Confidentiality Impact (C): High
- Integrity Impact (I): High
- Availability Impact (A): None
Steps to reproduce
1. Log in to a TestRail application with a version prior to v7.1.2.1044.
2. Navigate to Milestones
3. Create new Milestone
   3.1 Provide dummy data for any other field except reference
   3.2 In Reference put "><img src=x onerror=console.log(document.domain)>
   3.3 Save and submit
4. You should be able to see an alert/console log entry.
5. Navigate to Reports
6. Create new Report
   6.1 Provide dummy data for any other field except description
   6.2 In Reference put "><img src=x onerror=console.log(document.domain)>
   6.3 Save and submit
7. You should be able to see an alert/console log entry.
Note
This is a private and confidential gist, please do not share as the vulnerability might still be exploitable and not yet acknowledged by the vendor.