Lucene search

K

Ubuntu.comUB:CVE-2013-5587

HistoryAug 23, 2013 - 12:00 a.m.

CVE-2013-5587

2013-08-2300:00:00

ubuntu.com

ubuntu.com

10

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

66.4%

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before
4.0.13, when MakeClicky is configured, allows remote attackers to inject
arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has
been SPLIT from CVE-2013-3371 due to different affected versions.

Notes

Author	Note
seth-arnold	See also CVE-2013-3371; 3.8 marked not-affected here

References

lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

secunia.com/advisories/53505

secunia.com/advisories/53522

www.debian.org/security/2013/dsa-2670

launchpad.net/bugs/cve/CVE-2013-5587

nvd.nist.gov/vuln/detail/CVE-2013-5587

security-tracker.debian.org/tracker/CVE-2013-5587

www.cve.org/CVERecord?id=CVE-2013-5587

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

66.4%

Related for UB:CVE-2013-5587

debiancve2 prion2 nvd2 cve2 ubuntucve1 cvelist2 openvas5 nessus5 osv2 debian4 freebsd1 mageia1