Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31501

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.

Published

2025-05-28T18:15:26.857

Last Modified

2025-06-09T18:59:03.730

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bestpractical request_tracker < 4.4.8 Yes
Application bestpractical request_tracker < 5.0.8 Yes
References