Best Practical Request Tracker 'Custom Field' HTML Injection Vulnerability

High

Synopsis

The remote host is running a web application that is affected by an HTML-injection vulnerability.

Description

The remote host is running Best Practical Solutions RT, an enterprise-grade ticketing system. The version detected is potentially affected by an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input to 'Custom Field' values. Note that this issue only exists if the installation is using Custom Fields.

Solution

Upgrade to RT 3.6.9 / 3.8.5