Cross-Site Scripting Vulnerability in Best Practical Request Tracker
CVE-2022-25802

6.1MEDIUM

Key Information:

Vendor

Bestpractical

Status
Request Tracker
Vendor
CVE Published:
14 July 2022

What is CVE-2022-25802?

A vulnerability has been identified in Best Practical Request Tracker that allows attackers to exploit a cross-site scripting (XSS) flaw. This vulnerability can be triggered via a specially crafted content type for attachments, enabling the execution of malicious scripts in the context of the user's browser. Users of Request Tracker versions before 4.4.6 and any 5.x versions prior to 5.0.3 are at risk. It is crucial to upgrade to the latest versions to mitigate this security threat.

References

https://docs.bestpractical.com/release-notes/rt/index.html
x_refsource_MISC
https://docs.bestpractical.com/release-notes/rt/4.4.6
x_refsource_CONFIRM
https://docs.bestpractical.com/release-notes/rt/5.0.3
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.