Vulnerability Description
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2026/05/CVE-2026-6841
- https://docs.bestpractical.com/release-notes/rt/5.0.10
- https://docs.bestpractical.com/release-notes/rt/6.0.3
- https://requesttracker.com/request-tracker/
FAQ
What is CVE-2026-6841?
CVE-2026-6841 is a documented vulnerability. Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Java...
How severe is CVE-2026-6841?
CVSS scoring is not yet available for CVE-2026-6841. Check NVD for updates.
Is there a patch for CVE-2026-6841?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.