CVEFinder.io

CVE-2023-41260

⚠️ high
🔍 Scan for this CVE
Summary

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2023-11-03
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Sep 5, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-11-04
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-200

📦 Affected Products 2

Vendor Product Status Affected Versions
bestpractical request_tracker Affected
< 4.4.7
bestpractical request_tracker Affected
≥ 5.0.0 < 5.0.5

🔗 References 4

https://docs.bestpractical.com/release-notes/rt/4.4.7
Release Notes Vendor Advisory
https://docs.bestpractical.com/release-notes/rt/5.0.5
Release Notes Vendor Advisory
https://docs.bestpractical.com/release-notes/rt/inde...
Release Notes Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-6841 🔶 medium 6.1 0.0 Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET re... 2026-05-21
CVE-2025-30087 ⚠️ high 7.2 0.1 Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted paramete... 2025-05-28
CVE-2025-31500 ⚠️ high 7.2 0.0 Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. 2025-05-28
CVE-2025-31501 ⚠️ high 7.2 0.0 Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. 2025-05-28
CVE-2023-41259 ⚠️ high 7.5 0.1 Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed ... 2023-11-03
CVE-2023-45024 ⚠️ high 7.5 0.2 Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transac... 2023-11-03
These CVEs affect the same products