CVE-2023-45024

⚠️ high

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.

CVSS Score

7.5

High

EPSS Score

0.2

Exploit Probability

Published Date

2023-11-03

First Seen: 2026-01-05

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656

Above average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-200

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
bestpractical	request_tracker	Affected	≥ 5.0.0 < 5.0.5

Patch Release Notes

Release Notes

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-6841	🔶 medium	6.1	0.0	Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET re...	2026-05-21
CVE-2025-30087	⚠️ high	7.2	0.1	Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted paramete...	2025-05-28
CVE-2025-31500	⚠️ high	7.2	0.0	Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.	2025-05-28
CVE-2025-31501	⚠️ high	7.2	0.0	Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.	2025-05-28
CVE-2023-41259	⚠️ high	7.5	0.1	Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed ...	2023-11-03
CVE-2023-41260	⚠️ high	7.5	0.1	Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-g...	2023-11-03

These CVEs affect the same products