CVE-2013-3736

Cross-site scripting XSS vulnerability in the MobileUI aka RT-Extension-MobileUI extension before 1.04 in Request Tracker RT 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file...