Lucene search
HistoryAug 23, 2013 - 4:55 p.m.
CVE-2013-5587
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.5%
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
Affected configurations
Node
bestpracticalrtMatch4.0.0
ORbestpracticalrtMatch4.0.0rc1
ORbestpracticalrtMatch4.0.0rc2
ORbestpracticalrtMatch4.0.0rc3
ORbestpracticalrtMatch4.0.0rc4
ORbestpracticalrtMatch4.0.0rc5
ORbestpracticalrtMatch4.0.0rc6
ORbestpracticalrtMatch4.0.0rc7
ORbestpracticalrtMatch4.0.0rc8
ORbestpracticalrtMatch4.0.1
ORbestpracticalrtMatch4.0.1rc1
ORbestpracticalrtMatch4.0.1rc2
ORbestpracticalrtMatch4.0.2
ORbestpracticalrtMatch4.0.2rc1
ORbestpracticalrtMatch4.0.2rc2
ORbestpracticalrtMatch4.0.3
ORbestpracticalrtMatch4.0.3rc1
ORbestpracticalrtMatch4.0.3rc2
ORbestpracticalrtMatch4.0.4
ORbestpracticalrtMatch4.0.5
ORbestpracticalrtMatch4.0.5rc1
ORbestpracticalrtMatch4.0.6
ORbestpracticalrtMatch4.0.7
ORbestpracticalrtMatch4.0.7rc1
ORbestpracticalrtMatch4.0.8
ORbestpracticalrtMatch4.0.8rc1
ORbestpracticalrtMatch4.0.8rc2
ORbestpracticalrtMatch4.0.9
ORbestpracticalrtMatch4.0.10
ORbestpracticalrtMatch4.0.11
ORbestpracticalrtMatch4.0.12
References
Related
cve
cve
CVE-2013-5587
2022-10-03 16:14:55
CVE-2013-3371
2022-10-03 16:14:46
prion
prion
Cross site scripting
2013-08-23 16:55:00
Cross site scripting
2013-08-23 16:55:00
debiancve
debiancve
CVE-2013-5587
2022-10-03 16:14:55
CVE-2013-3371
2022-10-03 16:14:46
ubuntucve
ubuntucve
CVE-2013-5587
2013-08-23 00:00:00
CVE-2013-3371
2013-08-23 00:00:00
cvelist
cvelist
CVE-2013-5587
2022-10-03 16:14:55
CVE-2013-3371
2022-10-03 16:14:46
nvd
nvd
CVE-2013-3371
2013-08-23 16:55:07
openvas
openvas
Debian: Security Advisory (DSA-2671-1)
2013-05-21 00:00:00
Debian Security Advisory DSA 2670-1 (request-tracker3.8 - several vulnerabilities)
2013-05-22 00:00:00
Debian: Security Advisory (DSA-2670-1)
2013-05-21 00:00:00
nessus
nessus
Request Tracker 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities
2013-07-22 00:00:00
Debian DSA-2670-1 : request-tracker3.8 - several vulnerabilities
2013-05-23 00:00:00
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
2013-05-24 00:00:00
debian
debian
[SECURITY] [DSA 2670-1] request-tracker3.8 security update
2013-05-22 19:11:30
[SECURITY] [DSA 2670-1] request-tracker3.8 security update
2013-05-22 19:11:30
[SECURITY] [DSA 2671-1] request-tracker4 security update
2013-05-22 19:45:55
osv
osv
request-tracker3.8 - several
2013-05-22 00:00:00
request-tracker4 - several
2013-05-22 00:00:00
freebsd
freebsd
RT -- multiple vulnerabilities
2013-05-22 00:00:00
mageia
mageia
Updated rt/perl-Encode packages fix security vulnerability
2017-09-03 17:31:33
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.5%
Related for NVD:CVE-2013-5587