Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/66796
https://bugzilla.redhat.com/show_bug.cgi?id=696795
http://www.vupen.com/english/advisories/2011/1071
http://www.securityfocus.com/bid/47383
http://www.debian.org/security/2011/dsa-2220
http://secunia.com/advisories/44189
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html