logo

Database

Reflected cross-site scripting (XSS) In request-tracker4

Description

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-300872. NVD-2025-300873. OSV-DEBIAN-2025-300874. OSV-2025-300875. SECURITY-TRACKER-CVE-2025-30087

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.