CVE-2026-6841EPSS p14.6%

CVE-2026-6841CVE-2026-6841

bestpractical / request_tracker

Description

Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.

Scoring

CVSS 6.1 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS0.24% probability of exploitation · percentile 14.6% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-9646
CVE
CVE-2026-35466
CVE
CVE-2025-24861
CVE
CVE-2025-40892
CVE
CVE-2026-48209
CVE
CVE-2026-28301
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.