CVE-2013-5587

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*

Information

Published : 2013-08-23 09:55

Updated : 2013-08-26 07:58


NVD link : CVE-2013-5587

Mitre link : CVE-2013-5587


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

bestpractical

  • rt