Shodan
Vulnerabilities
Vulnerable Software
Bestpractical:  Security Vulnerabilities
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-21
CVE-2025-30087
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-05-28
CVE-2025-31500
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-05-28
CVE-2025-31501
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-05-28
CVE-2023-45024
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
CVE-2023-41259
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-03
CVE-2023-41260
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
CVE-2022-25800
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-07-14
CVE-2022-25801
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-07-14
CVE-2022-25802
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVSS Score
6.1
EPSS Score
0.011
Published
2022-07-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved