cvebase

Bestpractical Request Tracker vulnerabilities

28 known vulnerabilities affecting bestpractical/request_tracker.

Total CVEs: 28
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 9, MEDIUM 18, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2012-6581 | P4 | MEDIUM | CVSS 4.3 | v3.8.3, v3.8.4, +15 more | 2013-07-24
CWE-264. Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
Source: nvd
CVE-2012-6578 | P4 | MEDIUM | CVSS 4.3 | v3.8.3, v3.8.4, +15 more | 2013-07-24
CWE-310. Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
Source: nvd
CVE-2022-25803 | P4 | MEDIUM | CVSS 6.1 | fixed in 5.0.3 | 2022-07-14
CWE-601. Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
Source: nvd
CVE-2015-6506 | P4 | MEDIUM | CVSS 4.3 | ≤ 4.2.11 | 2015-09-03
CWE-79. Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
Source: nvd
CVE-2015-5475 | P4 | MEDIUM | CVSS 4.3 | ≤ 4.2.11 | 2015-08-14
CWE-79. Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
Source: nvd
CVE-2013-3736 | P4 | MEDIUM | CVSS 4.3 | v4.0.0, v4.0.1, +11 more | 2014-05-05
CWE-79. Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.
Source: nvd
CVE-2012-6580 | P4 | MEDIUM | CVSS 4.3 | v3.8.3, v3.8.4, +15 more | 2013-07-24
CWE-310. Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
Source: nvd
CVE-2025-61873 | P4 | LOW | CVSS 2.6 | fixed in 4.4.9; ≥ 5.0, < 5.0.9; +1 more | 2026-01-16
CWE-1236. Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
Source: nvd