Miglen

**Name of the Vulnerable Software and Affected Versions** Gurock TestRail versions prior to 7.1.2 **Description** The issue allows remote authenticated attackers to run arbitrary code via the `reference` field in milestones or `description` fields in reports. This is a Cross Site Scripting (XSS) issue. **Recommendations** For versions prior to 7.1.2, update to version 7.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `reference` field in milestones and `description` fields in reports to minimize the risk of exploitation. Avoid using these fields until the issue is resolved.

**Nome do software vulnerável e versões afetadas: Versões do Gurock TestRail anteriores à 7.2.4 Descrição: O problema está relacionado ao tratamento incorreto da codificação de escape de HTML. Recomendações: Para versões anteriores à 7.2.4, atualize para a versão 7.2.4 ou posterior para resolver o problema.