CVE-2015-6506
NONE EPSS 79.1%
Published Sep 3, 201510y ago · Modified Jun 17, 20262w ago
Published Sep 3, 2015 10y ago
Last Modified Jun 17, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
Threat Intelligence
EPSS Exploit Probability
79.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| bestpractical | request_tracker | * | ≤4.2.11 |
References 7
- blog.bestpractical.com http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html
- debian.org http://www.debian.org/security/2015/dsa-3335
- bestpractical.com https://bestpractical.com/release-notes/rt/4.2.12
- github.com https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d
Remediation
- blog.bestpractical.com http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
- bestpractical.com https://bestpractical.com/release-notes/rt/4.2.12