{"vuid":"VU#669804","idnumber":"669804","name":"TestRail cross-site scripting vulnerability","keywords":["xss","cwe-79","testrail"],"overview":"TestRail version 3.1.1.3130 contains a cross-site scripting vulnerability.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nGurock Software TestRail version 3.1.1.3130 contains a stored cross-site scripting vulnerability. The Created By field in project activities is vulnerable to script injection.","impact":"A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session.","resolution":"Apply a Patch\nGurock Software has released an update (Testrail 3.1.3) addressing this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to the reporter who wishes to remain anonymous.","author":"This document was written by Chris King.","public":["http://www.gurock.com/testrail/","http://forum.gurock.com/topic/1652/testrail-313-released/","http://cwe.mitre.org/data/definitions/79.html"],"cveids":["CVE-2014-4857"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-07-03T19:08:35Z","publicdate":"2014-07-24T00:00:00Z","datefirstpublished":"2014-07-24T17:04:01Z","dateupdated":"2014-07-24T17:04:03Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"N","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","cvss_temporalscore":"4.1","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:N/TD:N/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}