CVE-2015-5475

Name of the Vulnerable Software and Affected Versions Request Tracker (RT) versions 4.x through 4.2.11 Request Tracker (RT) versions prior to 4.2.12

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors related to the user and group rights management pages, specifically through the group rights management pages.

Recommendations For versions 4.x through 4.2.11, update to version 4.2.12 or later. For versions prior to 4.2.12, update to version 4.2.12 or later. As a temporary workaround, consider restricting access to the group rights management pages and limiting user input to minimize the risk of exploitation.