threat
engine
.sh
Back
·
··:··
Home
/
Product
/
bestpractical request tracker
Product
bestpractical request tracker
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-31501
>= 4.4.0 and < 4.4.8
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
7.2
HIGH
CVE-2025-31500
>= 5.0.0 and < 5.0.8
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
7.2
HIGH
CVE-2025-30087
>= 4.4.0 and < 4.4.8
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a se
7.2
HIGH
CVE-2023-45024
>= 5.0.0 and < 5.0.5
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query
7.5
HIGH
CVE-2023-41260
< 4.4.7
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway RES
7.5
HIGH
CVE-2023-41259
< 4.4.7
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email h
7.5
HIGH
CVE-2022-25803
< 5.0.3
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
6.1
MEDIUM
CVE-2022-25802
< 4.4.6
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
6.1
MEDIUM
CVE-2021-38562
>= 4.2.0 and < 4.2.17
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclos
7.5
HIGH
CVE-2018-18898
>= 4.1.13 and <= 4.4.0
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via
7.5
HIGH
CVE-2017-5944
all versions
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might
8.8
HIGH
CVE-2017-5943
all versions
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive in
8.8
HIGH
CVE-2017-5361
all versions
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algori
5.9
MEDIUM
CVE-2016-6127
all versions
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, w
6.1
MEDIUM
CVE-2015-6506
<= 4.2.11
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attacke
CVE-2015-5475
<= 4.2.11
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arb
CVE-2015-1464
<= 4.0.22
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVE-2015-1165
all versions
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS f
CVE-2014-9472
all versions
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to c
CVE-2013-3737
all versions
The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-ba
CVE-2013-3736
all versions
Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT)
CVE-2012-6581
all versions
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass i
CVE-2012-6580
all versions
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels
CVE-2012-6579
all versions
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configur
CVE-2012-6578
all versions
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue confi
CVE-2013-3525
<= 4.0.9
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary
CVE-2012-2768
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for
CVE-2006-2169
all versions
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html,
CVE-2003-0273
all versions
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers t
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin