VDB

DEBIAN-CVE-2016-6127

DEBIAN-CVE-2016-6127 PUBLISHED CVSS 6.099999904632568 MEDIUM

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.

Risk Scores

CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Debian:12request-tracker40, 0, 0
Debian:11request-tracker40, 0, 0

Timeline

  • Jul 3, 2017 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›