Vulnerabilities > CVE-2021-37788 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Gurock Testrail 5.3.0.3603

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

gurock

CWE-1021

NVD

Published: 2021-08-09

Updated: 2023-08-08

Summary

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

Vulnerable Configurations

Part	Description	Count
Application	Gurock Gurock Testrail 5.3.0.3603	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://gist.github.com/rvismit/67bc11dd9ccb7423827564cb81d25740