
Marcin Kopeć

Researcher from Data Reliance Shared Service Center
#51840 of 53,633
4.3 Total CVSS
Vulnerabilities · 1
PT-2015-6933
4.3
2015-08-13
Best Practical · Request Tracker · CVE-2015-5475
**Name of the Vulnerable Software and Affected Versions**
Request Tracker (RT) versions 4.x through 4.2.11
Request Tracker (RT) versions prior to 4.2.12

**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors related to the user and group rights management pages, specifically through the group rights management pages.

**Recommendations**
For versions 4.x through 4.2.11, update to version 4.2.12 or later.
For versions prior to 4.2.12, update to version 4.2.12 or later.
As a temporary workaround, consider restricting access to the group rights management pages and limiting user input to minimize the risk of exploitation.