Cross-site Scripting Vulnerability in Request Tracker by Best Practical
CVE-2015-6506

Currently unrated

Key Information:

Vendor: Bestpractical
Status: Request Tracker
Vendor: CVE Published:; 3 September 2015

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2015-6506?

A cross-site scripting (XSS) vulnerability in the cryptography interface of Request Tracker (RT) prior to version 4.2.12 enables remote attackers to execute arbitrary web scripts or HTML by injecting malicious content through a crafted public key. This flaw can lead to unauthorized data exposure and potentially compromise user interactions within the application.

References

https://bestpractical.com/release-notes/rt/4.2.12

x_refsource_CONFIRM

http://blog.bestpractical.com/2015/08/security-vulnerabil...

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2015
Vulnerability Reserved
Aug 18, 2015

CVE-2015-6506 Data

JSON