CVE 2022-25802

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.

Related bugs and status

CVE-2022-25802 (Candidate) is related to these bugs:

Bug #2003561: update to rt-4.4.6 due to CVE-2022-25802

Summary				In	Importance	Status
	2003561	update to rt-4.4.6 due to CVE-2022-25802		request-tracker4 (Ubuntu)	Undecided	New

Bug #2003565: update to rt-5.0.3 due to CVE-2022-25802

Summary				In	Importance	Status
	2003565	update to rt-5.0.3 due to CVE-2022-25802		request-tracker5 (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.