CVE-2009-3892
Published 2009-11-17
CVE-2009-3892: Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows…
Priority P4 · 16 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.08% (61.0th percentile)
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | rt | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 · MEDIUM
GHSA
GHSA-x22r-vm4q-c7vr: Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3
ghsa_unreviewed·2022-05-02
CVE-2009-3892 [MEDIUM] CWE-79 GHSA-x22r-vm4q-c7vr: Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3
Red Hat
Request Tracker XSS flaw
vendor_redhat·2009-11-14·CVSS 4.3
CVE-2009-3892 [MEDIUM] CWE-79 Request Tracker XSS flaw
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3892 Request Tracker XSS flaw
bugzilla·2009-11-17·CVSS 4.3
CVE-2009-3892 [MEDIUM] CVE-2009-3892 Request Tracker XSS flaw
Cross-site scripting (XSS) vulnerability in Best Practical Solutions
RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through
3.8.4 versions allows remote attackers to inject arbitrary web script
or HTML via certain Custom Fields.
Reference: URL:http://www.openwall.com/lists/oss-security/2009/11/15/1
Reference: URL:http://www.openwall.com/lists/oss-security/2009/11/16/4
Reference: URL:http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html
Reference: URL:http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778
Discussion:
Created rt3 tracking bugs for this issue
CVE-2009-3892 Affects: F10 [bug #538174]
CVE-2009-3892
Bugzilla
CVE-2009-3892 Request Tracker XSS flaw [F10]
bugzilla·2009-11-17·CVSS 4.3
CVE-2009-3892 [MEDIUM] CVE-2009-3892 Request Tracker XSS flaw [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=538174,
---
*** This bug has been marked as a duplicate of bug 526870 ***
Bugzilla
CVE-2009-3892 Request Tracker XSS flaw [Fdevel]
bugzilla·2009-11-17·CVSS 4.3
CVE-2009-3892 [MEDIUM] CVE-2009-3892 Request Tracker XSS flaw [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
*** This bug has been marked as a duplicate of bug 526870 ***
Bugzilla
CVE-2009-3892 Request Tracker XSS flaw [F12]
bugzilla·2009-11-17·CVSS 4.3
CVE-2009-3892 [MEDIUM] CVE-2009-3892 Request Tracker XSS flaw [F12]
F12 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2012&bugs=538176,
---
*** This bug has been marked as a duplicate of bug 526870 ***
Bugzilla
CVE-2009-3892 Request Tracker XSS flaw [F11]
bugzilla·2009-11-17·CVSS 4.3
CVE-2009-3892 [MEDIUM] CVE-2009-3892 Request Tracker XSS flaw [F11]
F11 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2011&bugs=538175,
---
*** This bug has been marked as a duplicate of bug 526870 ***
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778
http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html
http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html
http://www.openwall.com/lists/oss-security/2009/11/15/1
http://www.openwall.com/lists/oss-security/2009/11/16/4
Published: 2009-11-17