CVE-2013-3736

2014-05-0517:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.

References

lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html

osvdb.org/94281

secunia.com/advisories/53799

exchange.xforce.ibmcloud.com/vulnerabilities/84963