CVE-2015-6506
Request Tracker < 4.2.11 - Cross-Site Scripting via Cryptography Interface Public Key
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
https://bestpractical.com/release-notes/rt/4.2.12
Patch, Vendor Advisory x_refsource_confirm
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3335
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html
Patch x_refsource_confirm
https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d
Scores
EPSS
0.0208
EPSS Percentile
79.2%
Details
CWE
CWE-79
Status
published
Products (1)
bestpractical/request_tracker
< 4.2.11
Published
Sep 03, 2015
Tracked Since
Feb 18, 2026