CVE-2013-5587

RT <4.0.13 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.

References (6)

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

[Patch] http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

[Vendor Advisory] http://secunia.com/advisories/53522

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2670

[Third Party Advisory] http://secunia.com/advisories/53505

Scores

EPSS 0.0041

EPSS Percentile 60.8%

Details

CWE

CWE-79

Status published

Products (32)

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

bestpractical/rt

... and 22 more

Published Aug 23, 2013

Tracked Since Feb 18, 2026