CVE-2009-3892: XSS
First published: Tue Nov 17 2009(Updated: )
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Best Practical Solutions Request Tracker | =3.6.7 | |
| Best Practical Solutions Request Tracker | =3.6.2 | |
| Best Practical Solutions Request Tracker | =3.6.3 | |
| Best Practical Solutions Request Tracker | =3.8.2 | |
| Best Practical Solutions Request Tracker | =3.6.0 | |
| Best Practical Solutions Request Tracker | =3.8.0 | |
| Best Practical Solutions Request Tracker | =3.4.6 | |
| Best Practical Solutions Request Tracker | =3.6.6 | |
| Best Practical Solutions Request Tracker | =3.6.5 | |
| Best Practical Solutions Request Tracker | =3.6.8 | |
| Best Practical Solutions Request Tracker | =3.8.3 | |
| Best Practical Solutions Request Tracker | =3.6.1 | |
| Best Practical Solutions Request Tracker | =3.6.4 | |
| Best Practical Solutions Request Tracker | =3.8.1 | |
| Best Practical Solutions Request Tracker | =3.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html
- http://www.openwall.com/lists/oss-security/2009/11/16/4
- http://www.openwall.com/lists/oss-security/2009/11/15/1
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778
- http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html
Frequently Asked Questions
What is the severity of CVE-2009-3892?
CVE-2009-3892 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2009-3892?
To fix CVE-2009-3892, upgrade to Best Practical Solutions RT version 3.6.9 or 3.8.5 or later.
Which versions are affected by CVE-2009-3892?
CVE-2009-3892 affects Best Practical Solutions RT versions 3.4.6 to 3.8.4 and versions 3.6.x before 3.6.9 and 3.8.x before 3.8.5.
What kind of attacks can CVE-2009-3892 be used for?
CVE-2009-3892 can be exploited to perform cross-site scripting attacks allowing attackers to inject arbitrary web scripts or HTML.
When was CVE-2009-3892 disclosed?
CVE-2009-3892 was publicly disclosed in September 2009.
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bestpractical
- canonical/best practical solutions request tracker
- version/best practical solutions request tracker/3.6.7
- version/best practical solutions request tracker/3.6.2
- version/best practical solutions request tracker/3.6.3
- version/best practical solutions request tracker/3.8.2
- version/best practical solutions request tracker/3.6.0
- version/best practical solutions request tracker/3.8.0
- version/best practical solutions request tracker/3.4.6
- version/best practical solutions request tracker/3.6.6
- version/best practical solutions request tracker/3.6.5
- version/best practical solutions request tracker/3.6.8
- version/best practical solutions request tracker/3.8.3
- version/best practical solutions request tracker/3.6.1
- version/best practical solutions request tracker/3.6.4
- version/best practical solutions request tracker/3.8.1
- version/best practical solutions request tracker/3.8.4