4.3
CVSSv2

CVE-2016-6127

Published: 03/07/2017 Updated: 07/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote malicious users to inject arbitrary web script or HTML via a file upload with an unspecified content type.

Vulnerable Product Search on Vulmon Subscribe to Product

bestpractical request tracker 4.0.7

bestpractical request tracker 4.0.8

bestpractical request tracker 4.0.9

bestpractical request tracker 4.0.10

bestpractical request tracker 4.0.23

bestpractical request tracker 4.0.24

bestpractical request tracker 4.2.0

bestpractical request tracker 4.2.1

bestpractical request tracker 4.4.0

bestpractical request tracker 4.0.0

bestpractical request tracker 4.0.1

bestpractical request tracker 4.0.15

bestpractical request tracker 4.0.16

bestpractical request tracker 4.0.17

bestpractical request tracker 4.0.18

bestpractical request tracker 4.2.7

bestpractical request tracker 4.2.8

bestpractical request tracker 4.2.9

bestpractical request tracker 4.2.10

bestpractical request tracker 4.0.3

bestpractical request tracker 4.0.5

bestpractical request tracker 4.0.12

bestpractical request tracker 4.0.14

bestpractical request tracker 4.0.19

bestpractical request tracker 4.0.21

bestpractical request tracker 4.2.3

bestpractical request tracker 4.2.5

bestpractical request tracker 4.2.12

bestpractical request tracker 4.4.1

bestpractical request tracker 4.0.2

bestpractical request tracker 4.0.4

bestpractical request tracker 4.0.6

bestpractical request tracker 4.0.11

bestpractical request tracker 4.0.13

bestpractical request tracker 4.0.20

bestpractical request tracker 4.0.22

bestpractical request tracker 4.2.2

bestpractical request tracker 4.2.4

bestpractical request tracker 4.2.6

bestpractical request tracker 4.2.11

bestpractical request tracker 4.2.13

Vendor Advisories

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6127 It was discovered that Request Tracker is vulnerable to a cross-site scripting (XSS) attack if an attacker uploads a malicious file ...