CVE-2013-5587 — Cross-site Scripting in Request-tracker4

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

2.6LOWNVD

OSV4.3

EPSS

0.4%

top 38.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedAug 23

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/request-tracker4< request-tracker4 4.0.12-2 (bookworm)

▶NVDbestpractical/rt13 versions+12

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-22mg-v565-j444: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4↗2022-05-17

▶

OSV

CVE-2013-5587: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4↗2013-08-23

▶

📋Vendor Advisories

Debian

CVE-2013-5587: request-tracker4 - Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0....↗2013

▶