CVE-2025-62906
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Referral Link Tracker: from n/a through <= 1.1.4...
CVE-2025-62906 WordPress Referral Link Tracker plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Referral Link Tracker: from n/a through <= 1.1.4...
CVE-2025-62906
CVE-2025-62906 affects the WordPress Referral Link Tracker plugin (versions
CVE-2025-62906 WordPress Referral Link Tracker plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Referral Link Tracker: from n/a through <= 1.1.4...
PT-2025-43784
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Referral Link Tracker: from n/a through <= 1.1.4...
Linux Distros Unpatched Vulnerability : CVE-2025-9158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML...
WordPress plugin Referral Link Tracker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
Linux Distros Unpatched Vulnerability : CVE-2025-61873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. CVE-2025-61873 Note that Nessus...
Debian: Security Advisory (DLA-4349-1)
The remote host is missing an update for the Debian...
Revive Adserver: Stored XSS in Conversion Statistics via Tracker Name
I found stored XSS on the conversion statistics page. Advertisers can inject malicious JavaScript through tracker names, which executes when admins view conversion reports (www/admin/stats-conversions.php:356). I was able to steal admin session cookies using this vulnerability. This is a privilege...
[SECURITY] [DLA 4349-1] request-tracker4 security update
Debian LTS Advisory DLA-4349-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 26, 2025 https://wiki.debian.org/LTS...
DLA-4349-1 request-tracker4 - security update
Bulletin has no description...
Debian dla-4349 : request-tracker4 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4349 advisory. - Debian LTS Advisory DLA-4349-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-9158
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
Request Tracker security vulnerability
Request Tracker is an issue and work order tracking system from Request Tracker, Inc. A security vulnerability exists in Request Tracker versions 5.0.4 through 5.0.8 and 6.0.0 through 6.0.1, which stems from a failure of the calendar invitation parsing feature to clean up HTML, which could lead t...
CVE-2025-9158
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
UBUNTU-CVE-2025-9158
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
CVE-2025-9158
CVE-2025-9158 affects Request Tracker: Stored XSS in the calendar invitation parsing feature that does not sanitize HTML, enabling JavaScript execution when a crafted invitation is displayed to a logged-in user. Affected versions: 5.0.4–5.0.8 and 6.0.0–6.0.1. Documented across multiple feeds (NVD...
EUVD-2025-35802
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
CVE-2025-9158 Stored XSS in Request Tracker
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...