CVE-2026-6841

UNKNOWN View on NVD ↗

Description

Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.

References

https://cert.pl/en/posts/2026/05/CVE-2026-6841
https://docs.bestpractical.com/release-notes/rt/5.0.10
https://docs.bestpractical.com/release-notes/rt/6.0.3
https://requesttracker.com/request-tracker/

Published: May 21, 2026 13:16 UTC Modified: May 21, 2026 16:04 UTC