NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6841

Summary	Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
Publication Date	May 21, 2026, 10:16 p.m.
Registration Date	May 22, 2026, 4:07 a.m.
Last Update	May 22, 2026, 1:04 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.pl/en/posts/2026/05/CVE-2026-6841	cvd@cert.pl
2	https://docs.bestpractical.com/release-notes/rt/5.0.10	cvd@cert.pl
3	https://docs.bestpractical.com/release-notes/rt/6.0.3	cvd@cert.pl
4	https://requesttracker.com/request-tracker/	cvd@cert.pl

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html