CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3262 – Information exposure vulnerability in Request Tracker (RT)
https://notcve.org/view.php?id=CVE-2024-3262
04 Apr 2024 — Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination. Vulnerabilidad de exposición de información en el software RT que afecta a la versión 4.4.1. Esta vulnerabilidad permite a un atacante con acceso loc... • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2012-2768
https://notcve.org/view.php?id=CVE-2012-2768
15 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la página de administración de tema en la extensión RTFM v2.0.4 hasta la v2.4.3 para (Best Practical Solutions RT) permite a atacantes remotos inyectar código web o HTML arbitrario a tra... • http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2169
https://notcve.org/view.php?id=CVE-2006-2169
04 May 2006 — RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. • http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2003-0273
https://notcve.org/view.php?id=CVE-2003-0273
09 May 2003 — Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies. Vulnerabilidad de secuencias de comandos en sitios cruzados en la interfaz web para Request Racker (RT) 1.0 hasta 1.0.7 permite que atacantes remotos ejecuten script mediante cuerpos de mensaje. • http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html •