CVE-2013-3371
Published: 23 August 2013
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
Notes
Author | Note |
---|---|
seth-arnold | See also CVE-2013-5587; 4 marked not-affected here |
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker3.8 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.8.17)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
request-tracker4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
utopic |
Not vulnerable
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|