Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
References
Link | Resource |
---|---|
http://www.debian.org/security/2017/dsa-3882 | Third Party Advisory |
http://www.securityfocus.com/bid/99375 | Third Party Advisory VDB Entry |
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-03T16:00:00
Updated: 2017-07-05T09:57:01
Reserved: 2016-06-29T00:00:00
Link: CVE-2016-6127
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-07-03T16:29:00.417
Modified: 2017-07-07T14:56:17.067
Link: CVE-2016-6127
JSON object: View
Redhat Information
No data.
CWE