CVE-2009-3892 — Cross-site Scripting in RT

CWE-79 — Cross-site Scripting8 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bestpractical RT

Timeline

PublishedNov 17

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDbestpractical/rt15 versions+14

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-x22r-vm4q-c7vr: Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3↗2022-05-02

▶

📋Vendor Advisories

Red Hat

Request Tracker XSS flaw↗2009-11-14

▶

💬Community

Bugzilla

CVE-2009-3892 Request Tracker XSS flaw↗2009-11-17

▶

Bugzilla

CVE-2009-3892 Request Tracker XSS flaw [F10]↗2009-11-17

▶

Bugzilla

CVE-2009-3892 Request Tracker XSS flaw [Fdevel]↗2009-11-17

▶

Bugzilla

CVE-2009-3892 Request Tracker XSS flaw [F12]↗2009-11-17

▶

Bugzilla

CVE-2009-3892 Request Tracker XSS flaw [F11]↗2009-11-17

▶