Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
Link | Resource |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | Patch Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | Patch Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | Patch Vendor Advisory |
http://secunia.com/advisories/53505 | Vendor Advisory |
http://secunia.com/advisories/53522 | Vendor Advisory |
http://www.debian.org/security/2012/dsa-2670 | |
http://www.osvdb.org/93607 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:14:44
Updated: 2022-10-03T16:14:44
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-3372
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-08-23T16:55:07.293
Modified: 2013-08-27T13:02:55.460
Link: CVE-2013-3372
JSON object: View
Redhat Information
No data.
CWE