Page 5 of 23 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la página de administración de tema en la extensión RTFM v2.0.4 hasta la v2.4.3 para (Best Practical Solutions RT) permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html http://secunia.com/advisories/50024 http://secunia.com/advisories/50440 http://www.securityfocus.com/bid/54689 https://exchange.xforce.ibmcloud.com/vulnerabilities/77212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. • http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26164 •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies. Vulnerabilidad de secuencias de comandos en sitios cruzados en la interfaz web para Request Racker (RT) 1.0 hasta 1.0.7 permite que atacantes remotos ejecuten script mediante cuerpos de mensaje. • http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html http://marc.info/?l=bugtraq&m=105240947225275&w=2 •