Every CVE whose affected-product data names Gurock Testrail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-20063 — CVSS 8.8 (high): An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form…
CVE-2021-40875 — CVSS 7.5 (high): Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the…
CVE-2021-36538 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via…
CVE-2021-37788 — CVSS 5.4 (medium): A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a…
CVE-2019-7535 — CVSS 5.3 (medium): index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path…
CVE-2014-4857 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via…