CVE-2025-9158 in Request Trackerinformação

Sumário

de MITRE • 24/10/2025

The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying the ticket in the context of the logged-in user.

This vulnerability affects versions from 5.0.4 through 5.0.8 and from 6.0.0 through 6.0.1.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsável

CERT-PL

Reservar

19/08/2025

Divulgação

24/10/2025

Moderação

aceite

Entrada

VDB-329759

CPE

pronto

EPSS

0.00404

KEV

não

Atividades

muito baixo

Fontes

Might our Artificial Intelligence support you?

Check our Alexa App!