Vulnerabilities > Bestpractical > Request Tracker > 4.1.12

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-41259 Unspecified vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
network
low complexity
bestpractical
7.5
7.5
2023-11-03 CVE-2023-41260 Unspecified vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
network
low complexity
bestpractical
7.5
7.5
2022-07-14 CVE-2022-25802 Cross-site Scripting vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
network
low complexity
bestpractical CWE-79
6.1
6.1
2022-07-14 CVE-2022-25803 Open Redirect vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
network
low complexity
bestpractical CWE-601
6.1
6.1