Описание
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.4.1-4 |
| bionic | not-affected | 4.4.1-4 |
| cosmic | not-affected | 4.4.1-4 |
| devel | not-affected | 4.4.1-4 |
| disco | not-affected | 4.4.1-4 |
| eoan | not-affected | 4.4.1-4 |
| esm-apps/bionic | not-affected | 4.4.1-4 |
| esm-apps/focal | not-affected | 4.4.1-4 |
| esm-apps/jammy | not-affected | 4.4.1-4 |
| esm-apps/noble | not-affected | 4.4.1-4 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x b ...
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
4.3 Medium
CVSS2
6.1 Medium
CVSS3