CVE Vulnerability

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.github.com/rvismit/67bc11dd9ccb7423827564cb81d25740 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:gurock:testrail:5.3.0.3603:*:*:*:*:*:*:*
Information

Published : 2021-08-09 01:15

Updated : 2021-08-17 02:15

NVD link : CVE-2021-37788

Mitre link : CVE-2021-37788

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames

CWE-20