XSS in Bestpractical Rt

CVE-2013-3372

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (65.5th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Rt — versions 4.0.0, 4.0.1, 4.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[rt-announce] 20130522 RT 3.8.17 released (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
[rt-announce] 20130522 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
[rt-announce] 20130522 RT 4.0.13 released (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
93607 (x_refsource_OSVDB, vdb-entry)
53505 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
DSA-2670 (vendor-advisory, x_refsource_DEBIAN)
53522 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)