VDB
DEBIAN-CVE-2016-6127
DEBIAN-CVE-2016-6127
PUBLISHED
CVSS 6.099999904632568 MEDIUM
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
Risk Scores
CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | request-tracker4 | 0, 0, 0 |
| Debian:11 | request-tracker4 | 0, 0, 0 |
Timeline
- Jul 3, 2017 CVE Published
- Apr 28, 2026 CVE Updated