CVE-2021-37788

MEDIUM

Gurock TestRail v5.3.0.3603 - XSS

Title source: llm

Description

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

References (1)

[Exploit, Third Party Advisory] https://gist.github.com/rvismit/67bc11dd9ccb7423827564cb81d25740

Scores

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 33.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-1021

Status published

Products (1)

gurock/testrail 5.3.0.3603

Published Aug 09, 2021

Tracked Since Feb 18, 2026