CVE-2013-3736

2014-05-0517:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.

References

lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html

osvdb.org/94281

secunia.com/advisories/53799

exchange.xforce.ibmcloud.com/vulnerabilities/84963