Lucene search
K

593 matches found

OSV
OSV
added 2025/05/28 6:15 p.m.1 views

UBUNTU-CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

7.2CVSS5.8AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 6:15 p.m.2 views

UBUNTU-CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

7.2CVSS5.8AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 12:0 a.m.3 views

CVE-2025-30087

Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...

7.2CVSS6.2AI score0.00258EPSS
Exploits0References6
CVE
CVE
added 2025/05/28 12:0 a.m.70 views

CVE-2025-31501

Best Practical RT (Request Tracker) 5.0–5.0.7 is affected by an XSS vulnerability via JavaScript injection in an RT permalink. The issue is documented across multiple feeds as CVE-2025-31501 with exposure to remote users, and the impact described is cross-site scripting with low confidentiality/i...

7.2CVSS6.1AI score0.00202EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/28 12:0 a.m.7 views

CVE-2025-30087

Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...

7.2CVSS6.8AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 2025/05/28 12:0 a.m.69 views

CVE-2025-30087

Best Practical RT (Request Tracker) is affected by CVE-2025-30087: versions 4.4 through 4.4.7 and 5.0 through 5.0.7 are vulnerable to cross-site scripting (XSS) via crafted parameters in a search URL. The connected documents confirm this vulnerability as an RT issue and reference release notes su...

7.2CVSS6.1AI score0.00258EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.11 views

CVE-2025-30087

Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...

7.2CVSS0.00258EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.12 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

7.2CVSS0.00202EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.11 views

CVE-2023-41259

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...

7.5CVSS6.7AI score0.00717EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.10 views

CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

7.5CVSS6.7AI score0.00705EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.4 views

CVE-2022-25803

Best Practical Request Tracker RT before 5.0.3 has an Open Redirect via a ticket search...

6.1CVSS6.9AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.6 views

CVE-2022-25802

Best Practical Request Tracker RT before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment...

6.1CVSS5.7AI score0.00604EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:6 p.m.9 views

CVE-2012-4731

FAQ manager for Request Tracker RTFM before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors...

4CVSS6.7AI score0.01662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 a.m.13 views

CVE-2013-3374

Unspecified vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information user preferences and caches via unknown vectors, related to a "limited session re-use."...

4.3CVSS6.4AI score0.01405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:30 a.m.8 views

CVE-2013-3370

Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request...

6.8CVSS7AI score0.02322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:30 a.m.9 views

CVE-2013-3372

Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting XSS attacks via unspecified vectors...

4.3CVSS6.1AI score0.0206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:21 a.m.5 views

CVE-2013-3373

CRLF injection vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header...

5CVSS7.1AI score0.02428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 a.m.10 views

CVE-2013-5587

Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions...

4.3CVSS5.7AI score0.0206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:51 a.m.5 views

CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS6.5AI score0.01634EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:29 a.m.5 views

CVE-2013-3368

bin/rt in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name...

3.3CVSS6.6AI score0.00346EPSS
Exploits0References1
Rows per page
Query Builder