Unknown · Request Tracker · CVE-2026-6841
**Name of the Vulnerable Software and Affected Versions**
Request Tracker versions 5.0.4 through 5.0.9
Request Tracker versions 6.0.0 through 6.0.2
**Description**
Reflected cross-site scripting (XSS) occurs via the `Page` parameter in GET requests. This allows an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser when opened.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.