Cross-site Scripting Vulnerability in Request Tracker by Best Practical
CVE-2013-3371

Currently unrated

Key Information:

Vendor

Bestpractical

Status
Rt
Vendor
CVE Published:
23 August 2013

What is CVE-2013-3371?

A cross-site scripting (XSS) vulnerability exists in Request Tracker versions 3.8.3 to 3.8.16 and in 4.0.x prior to 4.0.13. This flaw allows remote attackers to inject arbitrary web scripts or HTML through manipulated attachment filenames, potentially leading to the execution of malicious scripts in a user's browser session. This may compromise user data and facilitate further attacks on the system if exploited successfully.

References

http://lists.bestpractical.com/pipermail/rt-announce/2013...
mailing-listx_refsource_MLIST
http://lists.bestpractical.com/pipermail/rt-announce/2013...
mailing-listx_refsource_MLIST
http://lists.bestpractical.com/pipermail/rt-announce/2013...
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.