RT (aka Request Tracker) prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to hijack sessions via an RSS feed URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 22 |
||
fedoraproject fedora 21 |
||
bestpractical request tracker 4.2.9 |
||
bestpractical request tracker 4.2.1 |
||
bestpractical request tracker 4.2.2 |
||
bestpractical request tracker 4.2.3 |
||
bestpractical request tracker 4.2.4 |
||
bestpractical request tracker |
||
bestpractical request tracker 4.2.6 |
||
bestpractical request tracker 4.2.8 |
||
bestpractical request tracker 4.2.0 |
||
bestpractical request tracker 4.2.5 |
||
bestpractical request tracker 4.2.7 |