Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.13, when MakeClicky is configured, allows remote malicious users to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bestpractical rt 4.0.0 |
||
bestpractical rt 4.0.5 |
||
bestpractical rt 4.0.6 |
||
bestpractical rt 4.0.7 |
||
bestpractical rt 4.0.9 |
||
bestpractical rt 4.0.1 |
||
bestpractical rt 4.0.3 |
||
bestpractical rt 4.0.8 |
||
bestpractical rt 4.0.12 |
||
bestpractical rt 4.0.11 |
||
bestpractical rt 4.0.10 |
||
bestpractical rt 4.0.2 |
||
bestpractical rt 4.0.4 |