Best Practical Request Tracker vulnerabilities
2 known vulnerabilities affecting best_practical/request_tracker.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2025-9158 | P4 | MEDIUM | CVSS 5.3 | ≥ 5.0.4, ≤ 5.0.8; ≥ 6.0.0, ≤ 6.0.1 | 2025-10-24
CVE-2025-9158 [MEDIUM] CWE-79
The Request Tracker software is vulnerable to a stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The vulnerability allows an attacker to send a specially crafted e-mail so that JavaScript code executes in the context of the logged-in user when the ticket is displayed.
This vuln
nvd
CVE-2026-6841 | P4 | MEDIUM | CVSS 6.1 | ≥ 5.0.4, < 5.0.10; ≥ 6.0.0, < 6.0.3 | 2026-05-21
CVE-2026-6841 [MEDIUM] CWE-79
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.
This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
nvd