Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| best_practical_solutions | request_tracker | 1.0.3 |
| best_practical_solutions | request_tracker | 1.0.7 |
| best_practical_solutions | request_tracker | 1.0.6 |
| best_practical_solutions | request_tracker | 1.0.1 |
| best_practical_solutions | request_tracker | 1.0.5 |
| best_practical_solutions | request_tracker | 1.0.0 |
| best_practical_solutions | request_tracker | 1.0.2 |
| best_practical_solutions | request_tracker | 1.0.4 |
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| best_practical_solutions | request_tracker | 3.5.head |