Lucene search

PRIOn knowledge basePRION:CVE-2013-5587

HistoryAug 23, 2013 - 4:55 p.m.

Cross site scripting

2013-08-2316:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.5%

JSON

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.

CPENameOperatorVersion
rteq4.0.12
rteq4.0.0 rc4
rteq4.0.9
rteq4.0.11
rteq4.0.3
rteq4.0.0 rc7
rteq4.0.8
rteq4.0.1
rteq4.0.0 rc3
rteq4.0.0 rc8

Name	Operator	Version
rt	eq	4.0.12
rt	eq	4.0.0 rc4
rt	eq	4.0.9
rt	eq	4.0.11
rt	eq	4.0.3
rt	eq	4.0.0 rc7
rt	eq	4.0.8
rt	eq	4.0.1
rt	eq	4.0.0 rc3
rt	eq	4.0.0 rc8

Rows per page:

1-10 of 311

References

lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

secunia.com/advisories/53505

secunia.com/advisories/53522

www.debian.org/security/2012/dsa-2670