CVE-2013-5587
23.08.2013, 16:55
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
| Vendor | Product | Version |
|---|---|---|
| bestpractical | rt | 4.0.0 |
| bestpractical | rt | 4.0.0:rc1 |
| bestpractical | rt | 4.0.0:rc2 |
| bestpractical | rt | 4.0.0:rc3 |
| bestpractical | rt | 4.0.0:rc4 |
| bestpractical | rt | 4.0.0:rc5 |
| bestpractical | rt | 4.0.0:rc6 |
| bestpractical | rt | 4.0.0:rc7 |
| bestpractical | rt | 4.0.0:rc8 |
| bestpractical | rt | 4.0.1 |
| bestpractical | rt | 4.0.1:rc1 |
| bestpractical | rt | 4.0.1:rc2 |
| bestpractical | rt | 4.0.2 |
| bestpractical | rt | 4.0.2:rc1 |
| bestpractical | rt | 4.0.2:rc2 |
| bestpractical | rt | 4.0.3 |
| bestpractical | rt | 4.0.3:rc1 |
| bestpractical | rt | 4.0.3:rc2 |
| bestpractical | rt | 4.0.4 |
| bestpractical | rt | 4.0.5 |
| bestpractical | rt | 4.0.5:rc1 |
| bestpractical | rt | 4.0.6 |
| bestpractical | rt | 4.0.7 |
| bestpractical | rt | 4.0.7:rc1 |
| bestpractical | rt | 4.0.8 |
| bestpractical | rt | 4.0.8:rc1 |
| bestpractical | rt | 4.0.8:rc2 |
| bestpractical | rt | 4.0.9 |
| bestpractical | rt | 4.0.10 |
| bestpractical | rt | 4.0.11 |
| bestpractical | rt | 4.0.12 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| request-tracker3.8 |
| ||||||||||||||||||||||||
| request-tracker4 |
|
References