CVE-2013-3371Cross-site Scripting in Request-tracker4

CWE-79Cross-site Scripting8 documents4 sources
Severity
4.3MEDIUMNVD
NVD2.6
EPSS
0.4%
top 36.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Request-tracker4Bestpractical RT
Timeline
PublishedAug 23
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

debiandebian/request-tracker4< request-tracker4 4.0.12-2 (bookworm)
NVDbestpractical/rt30 versions+29

Patches

Patch: lists.bestpractical.comPatch: lists.bestpractical.comPatch: lists.bestpractical.com

🔴Vulnerability Details

4
GHSA
GHSA-22mg-v565-j444: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 42022-05-17
GHSA
GHSA-qfm9-mrfw-j553: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 32022-05-17
OSV
CVE-2013-5587: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 42013-08-23
OSV
CVE-2013-3371: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 32013-08-23

📋Vendor Advisories

2
Debian
CVE-2013-5587: request-tracker4 - Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0....2013
Debian
CVE-2013-3371: request-tracker4 - Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3...2013
CVE-2013-3371 — Cross-site Scripting | cvebase