CNNVD-202510-3333 Information

CNNVD ID

CNNVD-202510-3333

Related CVE

CVE-2025-9158

• CNNVD Published: 2025-10-25

Description (Chinese)

Request Tracker是Request Tracker公司的一个问题和工单跟踪系统。 Request Tracker 5.0.4版本至5.0.8版本和6.0.0版本至6.0.1版本存在安全漏洞，该漏洞源于日历邀请解析功能未对HTML进行清理，可能导致存储型跨站脚本攻击。

Description (English)

Request Tracker is an issue with Request Tracker and a worksheet tracking system. There is a security loophole between Versions 5.4 to 5.0.8 and 6.0.0 to 6.0.1 of Request Tracker, which stems from the fact that the calendar invitation resolution function does not clean up HTML and may result in a storage-type cross-site scrip attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Request Tracker

Published

2025-10-25

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/cve-2025-9158 https://vigilance.fr/vulnerability/Request-Tracker-vulnerability-via-CVE-2025-9158-48564