RT -- two XSS vulnerabilities

2015-08-12T00:00:00
ID 83B38A2C-413E-11E5-BFCF-6805CA0B3D42
Type freebsd
Reporter FreeBSD
Modified 2015-08-18T00:00:00

Description

Best Practical reports:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.