CVE-2025-30087

⚠️ high

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

CVSS Score

7.2

High

EPSS Score

0.1

Exploit Probability

Published Date

2025-05-28

First Seen: 2026-01-05

This CVE is Moderate Risk - more severe than 55.5% of all 330,193 vulnerabilities in our database.

#147,095

Above average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2025-11-03

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
bestpractical	request_tracker	Affected	≥ 4.4.0 < 4.4.8
bestpractical	request_tracker	Affected	≥ 5.0.0 < 5.0.8

Release Notes

Release Notes

Release Notes

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-6841	🔶 medium	6.1	0.0	Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET re...	2026-05-21
CVE-2025-31500	⚠️ high	7.2	0.0	Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.	2025-05-28
CVE-2025-31501	⚠️ high	7.2	0.0	Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.	2025-05-28
CVE-2023-41259	⚠️ high	7.5	0.1	Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed ...	2023-11-03
CVE-2023-41260	⚠️ high	7.5	0.1	Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-g...	2023-11-03
CVE-2023-45024	⚠️ high	7.5	0.2	Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transac...	2023-11-03

These CVEs affect the same products