nessus - This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof. - TESTRAIL_CVE-2014-4857.NASL
History: Aug 21, 2014 - 12:00 a.m.

Gurock TestRail < 3.1.3 XSS

2014-08-21 00:00:00
This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

52.5%

According to its self-reported version, the installation of Gurock TestRail running on the remote host is a version prior to 3.1.3. It is, therefore, affected by a cross-site scripting vulnerability due to improper sanitization of the ‘Created By’ field displayed on the overview page, project summary report, and report filters.

Note that only authenticated users can exploit this vulnerability.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration block: when `description` is set, the plugin only declares the
# metadata below and then leaves through the exit(0) at the end, so none of the
# detection logic further down the file runs on this path.
if (description)
{
  script_id(77302);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/28");

  # External identifiers for the issue: CVE, Bugtraq ID and a CERT cross-reference.
  script_cve_id("CVE-2014-4857");
  script_bugtraq_id(68884);
  script_xref(name:"CERT", value:"669804");

  script_name(english:"Gurock TestRail < 3.1.3 XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is running a test management and quality assurance web
application affected by an XSS vulnerability.");
  # The finding text itself says the result is based on the self-reported
  # version, and that exploitation needs an authenticated user.
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the installation of Gurock
TestRail running on the remote host is a version prior to 3.1.3. It
is, therefore, affected by a cross-site scripting vulnerability due to
improper sanitization of the 'Created By' field displayed on the
overview page, project summary report, and report filters.

Note that only authenticated users can exploit this vulnerability.");
  # http://forum.gurock.com/topic/1652/testrail-313-released/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8c7ca45c");
  script_set_attribute(attribute:"solution", value:
"Upgrade to TestRail 3.1.3 or later.");
  # NOTE(review): the base vector carries Au:N although the description above
  # says only authenticated users can exploit the issue. cvss_score_source
  # names the CVE record as the origin of the score, so the mismatch presumably
  # comes from there; take the authentication requirement into account when
  # prioritising this finding.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4857");

  # NOTE(review): temporal E:H sits next to exploit_available "false"; the
  # "No exploit is required" value presumably explains the pairing - confirm.
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # 79 is the cross-site scripting weakness; 20 and 74 are broader
  # input-validation / injection classes. NOTE(review): the remaining ids look
  # like CWE view and category entries rather than distinct weaknesses -
  # confirm against the CWE list before using them for classification.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/21");

  # NOTE(review): thorough_tests / enable_cgi_scanning presumably restrict the
  # plugin to scans that have those options turned on - confirm against the
  # scanner documentation.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:gurock:testrail");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  # Declared in the information-gathering category and the XSS plugin family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: depends on testrail_web_detect.nbin, requires the
  # "installed_sw/Gurock TestRail" KB key (presumably set by that detection
  # plugin, so hosts without a detected TestRail are skipped), and is excluded
  # when the Settings/disable_cgi_scanning key is present.
  script_dependencies("testrail_web_detect.nbin");
  script_require_keys("installed_sw/Gurock TestRail");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("http.inc");

# Version-only check for CVE-2014-4857. The verdict rests solely on comparing
# the version recorded for the install with the fixed release below; the
# 'Created By' field is never exercised. A wrong or customised version string,
# or a fix applied without a version bump, will therefore give a wrong result,
# so treat a hit as "needs confirmation against the actual build".
product   = "Gurock TestRail";
fixed_ver = "3.1.3";

# exit_if_zero:TRUE - nothing to do when no TestRail install was recorded.
get_install_count(app_name:product, exit_if_zero:TRUE);

port      = get_http_port(default:80);
# exit_if_unknown_ver:TRUE - without a version there is nothing to compare.
install   = get_single_install(app_name:product, port:port, exit_if_unknown_ver:TRUE);
found_ver = install['version'];
base_url  = build_url(qs:install['path'], port:port);

# A negative result means the installed version sorts before the fix.
cmp = ver_compare(ver:found_ver, fix:fixed_ver, strict:FALSE);

if (cmp < 0)
{
  # Record an XSS flag for this port in the knowledge base.
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);

  if (report_verbosity > 0)
  {
    # Verbose report: where the install lives, what was found, what fixes it.
    report  = '\n  URL               : ' + base_url;
    report += '\n  Installed version : ' + found_ver;
    report += '\n  Fixed version     : ' + fixed_ver;
    report += '\n';
    security_warning(port:port, extra:report);
  }
  else
  {
    security_warning(port);
  }
}
else
{
  # Installed version is at or beyond the fix: report "not affected".
  audit(AUDIT_WEB_APP_NOT_AFFECTED, product, base_url, found_ver);
}

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

52.5%
