N/A

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

N/A

N/A

Gurock Software Gurock TestRail 安全漏洞

Gurock Software Gurock TestRail是德国Gurock Software公司的一套基于Web的、用于QA和开发团队的测试用例管理软件。该软件支持创建测试用例、管理测试套件和协调测试过程等。 Gurock TestRail存在安全漏洞，该漏洞允许未经认证的远程攻击者可利用该漏洞通过点击劫持攻击来影响设备的完整性。该漏洞是由于发送到受影响设备的HTTP请求中iFrame数据的输入验证不足造成的。攻击者可利用该漏洞可以通过发送带有恶意iFrame数据的精心制作的HTTP包来利用这个漏洞

N/A

N/A