Cross-Site Scripting Vulnerabilities in Request Tracker by Best Practical
CVE-2015-5475

Currently unrated

Key Information:

Vendor: Bestpractical
Status: Request Tracker
Vendor: CVE Published:; 14 August 2015

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2015-5475?

Multiple cross-site scripting (XSS) vulnerabilities exist in Request Tracker (RT) versions prior to 4.2.12. These flaws enable remote attackers to inject arbitrary web scripts or HTML content through vulnerabilities associated with the user and group rights management pages, potentially compromising user accounts and the integrity of the system.

References

https://bestpractical.com/release-notes/rt/4.2.12

x_refsource_CONFIRM

http://blog.bestpractical.com/2015/08/security-vulnerabil...

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2015
Vulnerability Reserved
Jul 10, 2015

CVE-2015-5475 Data

JSON