Miglen

**Name of the Vulnerable Software and Affected Versions** Gurock TestRail versions prior to 7.1.2 **Description** The issue allows remote authenticated attackers to run arbitrary code via the `reference` field in milestones or `description` fields in reports. This is a Cross Site Scripting (XSS) issue. **Recommendations** For versions prior to 7.1.2, update to version 7.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `reference` field in milestones and `description` fields in reports to minimize the risk of exploitation. Avoid using these fields until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Gurock TestRail versions prior to 7.2.4 Description: The issue is related to the mishandling of HTML escaping. Recommendations: For versions prior to 7.2.4, update to version 7.2.4 or later to resolve the issue.