{"api_version":"1","generated_at":"2026-06-05T04:48:14+00:00","cve":"CVE-2015-5475","urls":{"html":"https://cve.report/CVE-2015-5475","api":"https://cve.report/api/cve/CVE-2015-5475.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-5475","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-5475"},"summary":{"title":"CVE-2015-5475","description":"Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.","state":"PUBLISHED","assigner":"mitre","published_at":"2015-08-14 18:59:10","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html","name":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Best Practical: Security vulnerabilities in RT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 22 Update: rt-4.2.12-1.fc22","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 23 Update: rt-4.2.12-1.fc23","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3335","name":"http://www.debian.org/security/2015/dsa-3335","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-3335-1 request-tracker4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 21 Update: rt-4.2.12-1.fc21","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/76364","name":"http://www.securityfocus.com/bid/76364","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Request Tracker CVE-2015-5475 Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bestpractical.com/release-notes/rt/4.2.12","name":"https://bestpractical.com/release-notes/rt/4.2.12","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"4.2.12 Release Notes - RT: Request Tracker - Best Practical","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-5475","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5475","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"5475","vulnerable":"1","versionEndIncluding":"4.2.11","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bestpractical","cpe5":"request_tracker","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T06:50:02.297Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bestpractical.com/release-notes/rt/4.2.12"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html"},{"name":"FEDORA-2015-13718","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html"},{"name":"FEDORA-2015-13641","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html"},{"name":"DSA-3335","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2015/dsa-3335"},{"name":"76364","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/76364"},{"name":"FEDORA-2015-13664","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-08-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-12-20T16:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://bestpractical.com/release-notes/rt/4.2.12"},{"tags":["x_refsource_CONFIRM"],"url":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html"},{"name":"FEDORA-2015-13718","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html"},{"name":"FEDORA-2015-13641","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html"},{"name":"DSA-3335","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2015/dsa-3335"},{"name":"76364","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/76364"},{"name":"FEDORA-2015-13664","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-5475","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://bestpractical.com/release-notes/rt/4.2.12","refsource":"CONFIRM","url":"https://bestpractical.com/release-notes/rt/4.2.12"},{"name":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html","refsource":"CONFIRM","url":"http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html"},{"name":"FEDORA-2015-13718","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165124.html"},{"name":"FEDORA-2015-13641","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164607.html"},{"name":"DSA-3335","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3335"},{"name":"76364","refsource":"BID","url":"http://www.securityfocus.com/bid/76364"},{"name":"FEDORA-2015-13664","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2015-5475","datePublished":"2015-08-14T18:00:00.000Z","dateReserved":"2015-07-10T00:00:00.000Z","dateUpdated":"2024-08-06T06:50:02.297Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-08-14 18:59:10","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*","versionEndIncluding":"4.2.11","matchCriteriaId":"B6E877C3-C4F4-4102-8B32-09D86C4CB509"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"5475","Ordinal":"1","Title":"CVE-2015-5475","CVE":"CVE-2015-5475","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"5475","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.","Type":"Description","Title":"CVE-2015-5475"},{"CveYear":"2015","CveId":"5475","Ordinal":"2","NoteData":"2015-08-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"5475","Ordinal":"3","NoteData":"2016-12-20","Type":"Other","Title":"Modified"}]}}}