Vulnerability Details CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.
This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.7%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-6841
-
cpe:2.3:a:bestpractical:request_tracker:5.0.4
-
cpe:2.3:a:bestpractical:request_tracker:5.0.5
-
cpe:2.3:a:bestpractical:request_tracker:5.0.6
-
cpe:2.3:a:bestpractical:request_tracker:5.0.7
-
cpe:2.3:a:bestpractical:request_tracker:5.0.8
-
cpe:2.3:a:bestpractical:request_tracker:5.0.9
-
cpe:2.3:a:bestpractical:request_tracker:6.0.0
-
cpe:2.3:a:bestpractical:request_tracker:6.0.2