CVE-2013-3736

Name of the Vulnerable Software and Affected Versions Request Tracker versions 4.0.0 through 4.0.12 RT-Extension-MobileUI extension version prior to 1.04

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.

Recommendations For Request Tracker versions 4.0.0 through 4.0.12, update the RT-Extension-MobileUI extension to version 1.04 or later. For RT-Extension-MobileUI extension version prior to 1.04, update to version 1.04 or later.