CVE-2015-6506

NONE EPSS 79.1%
Published Sep 3, 201510y ago · Modified Jun 17, 20262w ago
Find Similar
Published Sep 3, 2015 10y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.

Threat Intelligence

EPSS Exploit Probability
79.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
bestpracticalrequest_tracker* ≤4.2.11

References 7

  • blog.bestpractical.com http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
    PatchVendor Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html
  • debian.org http://www.debian.org/security/2015/dsa-3335
  • bestpractical.com https://bestpractical.com/release-notes/rt/4.2.12
    PatchVendor Advisory
  • github.com https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d

Remediation

  • blog.bestpractical.com http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
    PatchVendor Advisory
  • bestpractical.com https://bestpractical.com/release-notes/rt/4.2.12
    PatchVendor Advisory