CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.
References
Link Resource
https://gist.github.com/rvismit/67bc11dd9ccb7423827564cb81d25740 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:gurock:testrail:5.3.0.3603:*:*:*:*:*:*:*

Information

Published : 2021-08-09 06:15

Updated : 2021-08-17 07:15


NVD link : CVE-2021-37788

Mitre link : CVE-2021-37788


JSON object : View

CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames

CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

gurock

  • testrail