First published: Tue Nov 17 2009
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Best Practical Solutions Request Tracker | =3.6.7 | |
Best Practical Solutions Request Tracker | =3.6.2 | |
Best Practical Solutions Request Tracker | =3.6.3 | |
Best Practical Solutions Request Tracker | =3.8.2 | |
Best Practical Solutions Request Tracker | =3.6.0 | |
Best Practical Solutions Request Tracker | =3.8.0 | |
Best Practical Solutions Request Tracker | =3.4.6 | |
Best Practical Solutions Request Tracker | =3.6.6 | |
Best Practical Solutions Request Tracker | =3.6.5 | |
Best Practical Solutions Request Tracker | =3.6.8 | |
Best Practical Solutions Request Tracker | =3.8.3 | |
Best Practical Solutions Request Tracker | =3.6.1 | |
Best Practical Solutions Request Tracker | =3.6.4 | |
Best Practical Solutions Request Tracker | =3.8.1 | |
Best Practical Solutions Request Tracker | =3.8.4 | |
CVE-2009-3892 is classified as a medium severity cross-site scripting (XSS) vulnerability.
To fix CVE-2009-3892, upgrade to Best Practical Solutions RT version 3.6.9 or 3.8.5 or later.
CVE-2009-3892 affects Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other versions from 3.4.6 through 3.8.4.
CVE-2009-3892 can be exploited to perform cross-site scripting attacks allowing attackers to inject arbitrary web scripts or HTML.
CVE-2009-3892 was publicly disclosed in September 2009.