Cbrandtbuffalo

#21238 of 53,633
11.7 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2026-42835 · CVSS 4.6 · 2026-05-22
Rt · Rt · CVE-2026-41073

**Name of the Vulnerable Software and Affected Versions**

RT versions prior to 5.0.10
RT versions 6.0.0 through 6.0.2

**Description**

User-controlled data in spreadsheet exports is not sanitized before being written to the output file. This allows spreadsheet applications to interpret crafted values as formulas or macros when the file is opened, leading to a spreadsheet (CSV/formula) injection.

**Recommendations**

Update versions prior to 5.0.10 to version 5.0.10. Update versions 6.0.0 through 6.0.2 to version 6.0.3. As a temporary workaround, avoid opening exported spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.

PT-2026-42836 · CVSS 7.1 · 2026-05-22
Rt · Rt · CVE-2026-41074

**Name of the Vulnerable Software and Affected Versions**

RT versions 6.0.0 through 6.0.2

**Description**

RT is an open source, enterprise-grade issue and ticket tracking system. A Cross-Site Request Forgery (CSRF) flaw allows an attacker to induce a logged-in user to visit a malicious web page, triggering arbitrary state-changing actions on behalf of that user. CSRF is a technique where a malicious site tricks a user's browser into performing an unwanted action on a different website where the user is authenticated.

**Recommendations**

Update to version 6.0.3.