thr3ads.net - Secure testing team - [Secure-testing-team] Bug#546778: request-tracker3.6: XSS vulnerability when displaying Custom Field values [Sep 2009]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Dominic Hargreaves

2009-Sep-15 17:18 UTC

[Secure-testing-team] Bug#546778: request-tracker3.6: XSS vulnerability when displaying Custom Field values

Package: request-tracker3.6
Version: 3.6.7-5+lenny1
Severity: important
Tags: security patch

According to

http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html

RT 3.6 contains a security problem which affects configurations
populating Custom Fields using untrusted data. A patch is provided.

Secure testing team - Sep 2009 - Bug#546778: request-tracker3.6: XSS vulnerability when displaying Custom Field values

[Secure-testing-team] Bug#546778: request-tracker3.6: XSS vulnerability when displaying Custom Field values