CVE-2015-6506
Published: 3 September 2015
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
Notes
Author | Note |
---|---|
tyhicks | RT 4.2.0 and above are affected up to 4.0.24, 4.2.12. |
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker3.8 | precise | Not vulnerable |
request-tracker3.8 | trusty | Does not exist |
request-tracker3.8 | upstream | Needs triage |
request-tracker3.8 | vivid | Does not exist |
request-tracker4 | precise | Not vulnerable |
request-tracker4 | trusty | Does not exist (trusty was not-affected [4.0.19-1]) |
request-tracker4 | upstream | Released (4.2.11-2) |
request-tracker4 | vivid | Released (4.2.8-3+deb8u1build0.15.04.1) |

Patches: upstream: https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4