@miglen

miglen/README.md Secret

Created June 30, 2021 15:01

Description

A stored cross-site scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows authenticated threat actors to inject arbitrary web script or HTML via the reference field in milestones or description fields in reports.

Product: TestRail
Version: Prior to v7.1.2.1044
Vendor: Gurock

Rating (initial, not yet confirmed)

Severity: Medium (6.6)
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Base Score Metrics

The Base metric group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. It is composed of two sets of metrics: the Exploitability metrics and the Impact metrics. The Exploitability metrics reflect the ease and technical means by which the vulnerability can be exploited. That is, they represent characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. On the other hand, the Impact metrics reflect the direct consequence of a successful exploit, and represent the consequence to the thing that suffers the impact, which we refer to formally as the impacted component.

Exploitability Metrics

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): Required
  • Scope (S): Unchanged

Impact Metrics

  • Confidentiality Impact (C): High
  • Integrity Impact (I): High
  • Availability Impact (A): None

Steps to reproduce

  1. Log in to a TestRail application with a version prior to v7.1.2.1044.
  2. Navigate to Milestones.
  3. Create a new Milestone.
     3.1 Provide dummy data for any other field except reference.
     3.2 In Reference put "><img src=x onerror=console.log(document.domain)>
     3.3 Save and submit.
  4. You should be able to see an alert/console log entry.
  5. Navigate to Reports.
  6. Create a new Report.
     6.1 Provide dummy data for any other field except description.
     6.2 In Reference put "><img src=x onerror=console.log(document.domain)>
     6.3 Save and submit.
  7. You should be able to see an alert/console log entry.
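
The test string in the steps above starts with `">`, which is consistent with the stored value being written into a quoted HTML attribute without output encoding. The following is an added example, not TestRail code and not part of the original report: it shows that assumed rendering pattern beside an encoded version, plus a regression check that uses the same test string. All function names and the markup templates are hypothetical.

```javascript
// Added illustration; not TestRail source. All function names are hypothetical.

// Encode the five characters that can end a text node or a quoted attribute.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: stored field concatenated into a quoted attribute as-is.
function renderReferenceUnsafe(reference) {
  return '<input name="reference" value="' + reference + '">';
}

// Hardened pattern: the same template with encoding applied at output time.
function renderReferenceSafe(reference) {
  return '<input name="reference" value="' + escapeHtml(reference) + '">';
}

// Same fix for a stored value rendered as element text (assumed report layout).
function renderDescriptionSafe(description) {
  return '<p class="description">' + escapeHtml(description) + '</p>';
}

// Regression helper: number of element start tags in the rendered markup.
// A template that emits one element must still emit one after user data is added.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// The test string from the reproduction steps, used as regression input.
const STORED_VALUE = '"><img src=x onerror=console.log(document.domain)>';

function runRegression() {
  return {
    unsafeReference: countStartTags(renderReferenceUnsafe(STORED_VALUE)),
    safeReference: countStartTags(renderReferenceSafe(STORED_VALUE)),
    safeDescription: countStartTags(renderDescriptionSafe(STORED_VALUE)),
  };
}

console.log(runRegression());
```

A start-tag count above one for a single-element template means stored data changed the document structure, which is the condition the upgrade to a fixed version should eliminate.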

Note

This is a private and confidential gist; please do not share it, as the vulnerability might still be exploitable and has not yet been acknowledged by the vendor.