RT -- two XSS vulnerabilities
Best Practical reports:
RT 4.0.0 and above are vulnerable to a cross-site
scripting (XSS) attack via the user and group rights
management pages. This vulnerability is assigned
CVE-2015-5475. It was discovered and reported by Marcin
Kopec at Data Reliance Shared Service Center.
RT 4.2.0 and above are vulnerable to a cross-site
scripting (XSS) attack via the cryptography interface.
This vulnerability could allow an attacker with a
interface. Installations which use neither GnuPG nor
S/MIME are unaffected.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright