CVE-2014-4857

Gurock TestRail <3.1.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.

References (2)

[Vendor Advisory] http://forum.gurock.com/topic/1652/testrail-313-released/

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/669804

Scores

EPSS 0.0061

EPSS Percentile 69.4%

Details

CWE

CWE-79

Status published

Products (2)

gurock/testrail < 3.1.1.3130

n/a/n/a

Published Jul 26, 2014

Tracked Since Feb 18, 2026