Best Practical Request Tracker 'Custom Field' HTML Injection Vulnerability
High Nessus Network Monitor Plugin ID 5177
SynopsisThe remote host is running a web application that is affected by a HTML-injection vulnerability.
DescriptionThe remote host is running Best Practical Solutions RT, an enterprise-grade ticketing system. The version detected is potentially affected by an HTML-injection vulnerability caused by the application failing to properly sanitize user-supplied input to 'Custom Field' values. Note that this issue only exists if the installation is using Custom Fields.
SolutionUpgrade to RT 3.6.9 / 3.8.5