Reflected Cross-Site Scripting Vulnerability in Request Tracker by Best Practical
CVE-2026-6841

5.1MEDIUM

Key Information:

Vendor: Best Practical
Status: Request Tracker
Vendor: CVE Published:; 21 May 2026

🔔 Create Best Practical Vulnerability Alert

What is CVE-2026-6841?

A reflected cross-site scripting vulnerability exists in Request Tracker, allowing attackers to exploit the 'Page' parameter in GET requests. By crafting malicious URLs, an attacker can execute arbitrary JavaScript code in the browser of affected users, leading to potential data theft and session hijacking. This vulnerability impacts several versions of Request Tracker, making it crucial for users to stay informed and apply necessary updates.