Bestpractical

Request Tracker

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-31501

  • EPSS 0.03%
  • Published 28.05.2025 00:00:00
  • Last modified 09.06.2025 18:59:03

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.

6.1

CVE-2025-31500

  • EPSS 0.03%
  • Published 28.05.2025 00:00:00
  • Last modified 09.06.2025 18:58:52

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.

6.1

CVE-2025-30087

  • EPSS 0.03%
  • Published 28.05.2025 00:00:00
  • Last modified 09.06.2025 18:58:37

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

7.5

CVE-2023-45024

  • EPSS 0.1%
  • Published 03.11.2023 05:15:30
  • Last modified 21.11.2024 08:26:14

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.

7.5

CVE-2023-41260

  • EPSS 0.25%
  • Published 03.11.2023 05:15:29
  • Last modified 21.11.2024 08:20:56

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.

7.5

CVE-2023-41259

  • EPSS 0.19%
  • Published 03.11.2023 05:15:29
  • Last modified 21.11.2024 08:20:55

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

6.1

CVE-2022-25803

  • EPSS 0.18%
  • Published 14.07.2022 12:15:11
  • Last modified 21.11.2024 06:53:01

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.

6.1

CVE-2022-25802

  • EPSS 0.87%
  • Published 14.07.2022 12:15:11
  • Last modified 21.11.2024 06:53:01

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.

7.5

CVE-2021-38562

  • EPSS 0.1%
  • Published 18.10.2021 09:15:08
  • Last modified 21.11.2024 06:17:27

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

7.5

CVE-2018-18898

  • EPSS 1.47%
  • Published 21.03.2019 16:00:29
  • Last modified 21.11.2024 03:56:50

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.