Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
Link | Resource |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | Patch Vendor Advisory |
http://www.debian.org/security/2012/dsa-2670 | |
http://secunia.com/advisories/53522 | Vendor Advisory |
http://www.osvdb.org/93607 | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | Patch Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | Patch Vendor Advisory |
http://secunia.com/advisories/53505 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2013-08-23 09:55
Updated : 2013-08-27 06:02
NVD link : CVE-2013-3372
Mitre link : CVE-2013-3372
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
bestpractical
- rt