Cross-Site Scripting Flaw in Request Tracker by Best Practical
CVE-2013-5587

Currently unrated

Key Information:

CVE Published: 23 August 2013

What is CVE-2013-5587?

A cross-site scripting (XSS) vulnerability exists in Request Tracker (RT) versions prior to 4.0.13 when the MakeClicky feature is enabled. This flaw allows remote attackers to inject arbitrary web scripts or HTML through manipulated URLs in tickets. Consequently, attackers can exploit this vulnerability to execute malicious scripts in the context of an authenticated user's browser, leading to session hijacking and unauthorized actions.
