XSS in Bestpractical Request_tracker

CVE-2015-6506

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (63.6th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Request_tracker
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security@debian.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
security@debian.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
FEDORA-2015-13718 (x_refsource_FEDORA, vendor-advisory)
FEDORA-2015-13641 (x_refsource_FEDORA, vendor-advisory)
DSA-3335 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2015-13664 (x_refsource_FEDORA, vendor-advisory)
security@debian.org (x_refsource_CONFIRM)