{"id":"CVE-2015-6506","details":"Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.","modified":"2026-04-10T03:46:25.761565Z","published":"2015-09-03T14:59:08Z","references":[{"type":"ADVISORY","url":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3335"},{"type":"ADVISORY","url":"https://bestpractical.com/release-notes/rt/4.2.12"},{"type":"FIX","url":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html"},{"type":"FIX","url":"https://bestpractical.com/release-notes/rt/4.2.12"},{"type":"FIX","url":"https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html"}],"schema_version":"1.7.5"}