Product:

Request_tracker

(Bestpractical)
Repositories https://github.com/bestpractical/rt
#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2025-05-28 CVE-2025-30087 Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. Request_tracker 6.1
2025-05-28 CVE-2025-31500 Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. Request_tracker 6.1
2025-05-28 CVE-2025-31501 Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. Request_tracker 6.1
2021-10-18 CVE-2021-38562 Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. Request_tracker, Debian_linux, Fedora 7.5
2022-07-14 CVE-2022-25802 Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. Request_tracker 6.1
2022-07-14 CVE-2022-25803 Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. Request_tracker 6.1