Known Vulnerabilities for products from Bestpractical

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bestpractical".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6841 | Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET request... | Not Provided | 2026-05-21 | 2026-06-01 |
| CVE-2023-45024 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction ... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2023-41260 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gatewa... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2023-41259 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT em... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2022-25803 | Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | 6.1 - MEDIUM | 2022-07-14 | 2022-07-20 |
| CVE-2022-25802 | Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment... | 6.1 - MEDIUM | 2022-07-14 | 2022-07-20 |
| CVE-2022-25801 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. | 9.1 - CRITICAL | 2022-07-14 | 2022-07-20 |
| CVE-2022-25800 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. | 9.1 - CRITICAL | 2022-07-14 | 2022-07-21 |
| CVE-2021-38562 | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information di... | 7.5 - HIGH | 2021-10-18 | 2023-11-07 |
| CVE-2018-18898 | The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers... | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
| CVE-2017-5944 | The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 m... | Not Provided | 2017-07-03 | 2025-04-20 |
| CVE-2017-5943 | Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensiti... | Not Provided | 2017-07-03 | 2025-04-20 |
| CVE-2017-5361 | Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison a... | Not Provided | 2017-07-03 | 2025-04-20 |
| CVE-2016-6127 | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4... | Not Provided | 2017-07-03 | 2025-04-20 |
| CVE-2015-6506 | Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote at... | Not Provided | 2015-09-03 | 2026-05-06 |
| CVE-2015-5475 | Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to injec... | Not Provided | 2015-08-14 | 2026-05-06 |
| CVE-2015-1464 | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL... | Not Provided | 2015-03-09 | 2026-05-06 |
| CVE-2015-1165 | RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive ... | Not Provided | 2015-03-09 | 2026-05-06 |
| CVE-2014-9472 | The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers... | Not Provided | 2015-03-09 | 2026-05-06 |
| CVE-2014-1474 | Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote at... | Not Provided | 2014-07-15 | 2026-05-06 |

Known software with vulnerabilities from Bestpractical

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bestpractical | Request Tracker | 3.6.10 |
| Application | Bestpractical | Rt | - |
| Application | Bestpractical | Rt-extension-mobileui | 1.02 |
| Application | Bestpractical | Rtfm | 2.2.0 |

© CVE.report 2026
