2 matches found
PT-2023-12285 · Gurock · Gurock Testrail
Name of the Vulnerable Software and Affected Versions: Gurock TestRail versions prior to 7.1.2
Description: The issue allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. This is a Cross-Site Scripting (XSS) issue...
CVE-2019-7535
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...