CVE-2022-25802

Name of the Vulnerable Software and Affected Versions Request Tracker versions prior to 4.4.6 Request Tracker versions 5.x prior to 5.0.3

Description The issue allows for a cross-site scripting (XSS) attack via a crafted content type for an attachment. This can be exploited by a remote attacker to conduct an XSS attack, potentially allowing them to execute malicious scripts on the victim's browser. The vulnerability exists due to inadequate protection of the web page structure.

Recommendations For versions prior to 4.4.6, update to version 4.4.6 or later. For versions 5.x prior to 5.0.3, update to version 5.0.3 or later. As a temporary workaround, consider restricting the ability to upload attachments with crafted content types until a patch is available.