CVE-2011-1689

Best Practical Solutions RT <4.0.0rc - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (10)

[Various Sources] http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html

[Vendor Advisory] http://secunia.com/advisories/44189

[Patch] https://bugzilla.redhat.com/show_bug.cgi?id=696795

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66796

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47383

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2220

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/1071

Scores

EPSS 0.0056

EPSS Percentile 67.9%

Classification

CWE

CWE-79

Status published

Affected Products (50)

bestpractical/rt

... and 35 more

Timeline

Published Apr 22, 2011

Tracked Since Feb 18, 2026