CVE-2011-1689: Cross-site Scripting in RT

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.6% (top 31.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 22
Latest update: May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: bestpractical/rt, 65 versions

Patches

🔴 Vulnerability Details

1
GHSA
GHSA-24f2-v9rg-22q2: Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2 (2022-05-17)

💬 Community

1
Bugzilla
CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688 CVE-2011-1689 CVE-2011-1690 rt3: several security flaws fixed in 3.6.11, 3.8.10 (2011-04-14)