CVE-2014-4857

Name of the Vulnerable Software and Affected Versions Gurock TestRail versions prior to 3.1.3

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. This could potentially lead to unauthorized actions on the affected system.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Created By field in project activities until the update is applied.