CVE-2026-6841

Sažetak

Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.

Reference

https://cert.pl/en/posts/2026/05/CVE-2026-6841
https://docs.bestpractical.com/release-notes/rt/5.0.10
https://docs.bestpractical.com/release-notes/rt/6.0.3
https://requesttracker.com/request-tracker/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-05-2026 - 16:04

Objavljeno

21-05-2026 - 13:16