CVE-2025-9158 – Stored XSS in Request Tracker

CVE ID : CVE-2025-9158

Published : Oct. 24, 2025, 6:15 a.m. | 27 minutes ago

Description : The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying the ticket in the context of the logged-in user.

This vulnerability affects versions from 5.0.4 through 5.0.8 and from 6.0.0 through 6.0.1.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…