Bestpractical : Security vulnerabilities, CVEs xss, cross site scripting published in 2013

Copy

CVE-2013-5587

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.

Max CVSS

2.6

EPSS Score

0.17%

Published

2013-08-23

Updated

2013-08-26

CVE-2013-3372

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

Max CVSS

4.3

EPSS Score

0.29%

Published

2013-08-23

Updated

2013-08-27

CVE-2013-3371

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

Max CVSS

4.3

EPSS Score

0.18%

Published

2013-08-23

Updated

2013-08-26

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!