CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30087 – Debian Security Advisory 5909-1
https://notcve.org/view.php?id=CVE-2025-30087
05 May 2025 — Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://docs.bestpractical.com/release-notes/rt/4.4.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31500 – Debian Security Advisory 5909-1
https://notcve.org/view.php?id=CVE-2025-31500
05 May 2025 — Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://docs.bestpractical.com/release-notes/rt/5.0.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31501 – Debian Security Advisory 5909-1
https://notcve.org/view.php?id=CVE-2025-31501
05 May 2025 — Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://docs.bestpractical.com/release-notes/rt/5.0.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •