Search CVE reports
1 – 10 of 13 results
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically...
1 affected package
request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker5 | Needs evaluation | Needs evaluation | — | — |
security update
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker5 | Needs evaluation | Needs evaluation | — | — |
Some fixes available 3 of 4
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
1 affected package
request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker5 | Fixed | Fixed | Not in release | — |
Some fixes available 3 of 4
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
1 affected package
request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker5 | Fixed | Fixed | Not in release | — |
Some fixes available 3 of 12
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker5 | Fixed | Fixed | Not in release | — |
Some fixes available 3 of 12
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and...
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker5 | Fixed | Fixed | Not in release | — |
Some fixes available 2 of 13
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as...
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker5 | Fixed | Fixed | Not in release | — |
Some fixes available 1 of 3
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
1 affected package
request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker5 | Not affected | Fixed | Not in release | Not in release |
Some fixes available 6 of 9
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Not affected | Fixed | Fixed | Fixed |
| request-tracker5 | Not affected | Fixed | Not in release | Not in release |
Some fixes available 6 of 9
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Not affected | Fixed | Fixed | Fixed |
| request-tracker5 | Not affected | Fixed | Not in release | Ignored |