593 matches found
UBUNTU-CVE-2025-31501
Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...
UBUNTU-CVE-2025-31500
Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...
CVE-2025-30087
Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...
CVE-2025-31501
Best Practical RT (Request Tracker) 5.0–5.0.7 is affected by an XSS vulnerability via JavaScript injection in an RT permalink. The issue is documented across multiple feeds as CVE-2025-31501 with exposure to remote users, and the impact described is cross-site scripting with low confidentiality/i...
CVE-2025-30087
Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...
CVE-2025-30087
Best Practical RT (Request Tracker) is affected by CVE-2025-30087: versions 4.4 through 4.4.7 and 5.0 through 5.0.7 are vulnerable to cross-site scripting (XSS) via crafted parameters in a search URL. The connected documents confirm this vulnerability as an RT issue and reference release notes su...
CVE-2025-30087
Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...
CVE-2025-31500
Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...
CVE-2023-41259
Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...
CVE-2023-41260
Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...
CVE-2022-25803
Best Practical Request Tracker RT before 5.0.3 has an Open Redirect via a ticket search...
CVE-2022-25802
Best Practical Request Tracker RT before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment...
CVE-2012-4731
FAQ manager for Request Tracker RTFM before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors...
CVE-2013-3374
Unspecified vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information user preferences and caches via unknown vectors, related to a "limited session re-use."...
CVE-2013-3370
Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request...
CVE-2013-3372
Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2013-3373
CRLF injection vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header...
CVE-2013-5587
Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions...
CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
CVE-2013-3368
bin/rt in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name...