Shodan
Vulnerabilities
Vulnerable Software
Bestpractical:  >> Request Tracker  Security Vulnerabilities
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
CVSS Score
5.1
EPSS Score
0.002
Published
2026-05-21
CVE-2025-30087
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-05-28
CVE-2025-31500
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-05-28
CVE-2025-31501
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-05-28
CVE-2023-45024
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-11-03
CVE-2023-41259
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-11-03
CVE-2023-41260
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-11-03
CVE-2022-25802
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-07-14
CVE-2022-25803
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-07-14
CVE-2021-38562
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVSS Score
7.5
EPSS Score
0.017
Published
2021-10-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved