CVEFinder.io

CVE-2025-31500

⚠️ high
Summary

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.

CVSS Score: 7.2 (High)
EPSS Score: 0.0 (Exploit Probability)
Published Date: 2025-05-28
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 55.5% of all 330,193 vulnerabilities in our database.

#147,095
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: May 28, 2025)

Exploitation Status: None (no known exploits)
Automatable: YES (can be exploited automatically)
Technical Impact: Partial (limited system impact)
SSVC data provided by CISA

Last Modified: 2025-06-09
Source: NVD
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

🔗 Related CVEs 6

CVE ID | Severity | CVSS | EPSS | Summary | Published
CVE-2026-6841 | medium | 6.1 | 0.0 | Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET re... | 2026-05-21
CVE-2025-30087 | high | 7.2 | 0.1 | Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted paramete... | 2025-05-28
CVE-2025-31501 | high | 7.2 | 0.0 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. | 2025-05-28
CVE-2023-41259 | high | 7.5 | 0.1 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed ... | 2023-11-03
CVE-2023-41260 | high | 7.5 | 0.1 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-g... | 2023-11-03
CVE-2023-45024 | high | 7.5 | 0.2 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transac... | 2023-11-03
These CVEs affect the same products