CVE-2013-3372

Request Tracker <3.8.17, <4.0.13 - XSS

Title source: llm

Description

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

References (7)

[Patch, Vendor Advisory] http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

[Patch, Vendor Advisory] http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

[Patch, Vendor Advisory] http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

[Vendor Advisory] http://secunia.com/advisories/53505

[Vendor Advisory] http://secunia.com/advisories/53522

[Third Party Advisory, VDB Entry] http://www.osvdb.org/93607

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2670

Scores

EPSS 0.0048

EPSS Percentile 64.8%

Details

CWE

CWE-79

Status published

Products (50)

bestpractical/rt

... and 40 more

Published Aug 23, 2013

Tracked Since Feb 18, 2026