Vulnerabilities > Bestpractical

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-03	CVE-2017-5943	Cross-Site Request Forgery (CSRF) vulnerability in Bestpractical Request Tracker Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. network low complexity bestpractical CWE-352	8.8
2017-07-03	CVE-2017-5361	Unspecified vulnerability in Bestpractical Request Tracker Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack. network high complexity bestpractical	5.9
2017-07-03	CVE-2016-6127	Cross-site Scripting vulnerability in Bestpractical Request Tracker Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. network low complexity bestpractical CWE-79	6.1

Vulnerabilities > Bestpractical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bestpractical"}]}