CVE-2009-3892

Best Practical Solutions RT <3.6.9, <3.8.5 & 3.4.6-3.8.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.

References (5)

[Issue Tracking] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html

[Mailing List] http://www.openwall.com/lists/oss-security/2009/11/15/1

[Mailing List] http://www.openwall.com/lists/oss-security/2009/11/16/4

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status published

Affected Products (16)

bestpractical/rt

... and 1 more

Timeline

Published Nov 17, 2009

Tracked Since Feb 18, 2026