CVE-2021-37788 — MEDIUM (5.4)

Vulnerability Description

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gurock	Testrail	5.3.0.3603

Related Weaknesses (CWE)

CWE-1021

References

https://gist.github.com/rvismit/67bc11dd9ccb7423827564cb81d25740ExploitThird Party Advisory
https://gist.github.com/rvismit/67bc11dd9ccb7423827564cb81d25740ExploitThird Party Advisory

FAQ

What is CVE-2021-37788?

CVE-2021-37788 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to ...

How severe is CVE-2021-37788?

CVE-2021-37788 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-37788?

Check the references section above for vendor advisories and patch information. Affected products include: Gurock Testrail.