CVE-2015-6506

Request Tracker < 4.2.11 - Cross-Site Scripting via Cryptography Interface Public Key

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.

References (7)

Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
https://bestpractical.com/release-notes/rt/4.2.12
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3335
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html

Scores

EPSS 0.0208
EPSS Percentile 79.2%

Details

CWE
CWE-79
Status published
Products (1)
bestpractical/request_tracker < 4.2.11
Published Sep 03, 2015
Tracked Since Feb 18, 2026