FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

RT -- XSS via calendar invitations

Affected packages
6.0.0 <= rt50 < 6.0.2
5.0.4 <= rt50 < 5.0.9
6.0.0 <= rt60 < 6.0.2
5.0.4 <= rt60 < 5.0.9

Details

VuXML ID 269c2de7-afaa-11f0-b4c8-792b26d8a051
Discovery 2025-10-23
Entry 2025-10-23

Mateusz Szymaniec and CERT Polska report:

RT is vulnerable to XSS via calendar invitations added to a ticket. Thanks to Mateusz Szymaniec and CERT Polska for reporting this finding.

References

CVE Name CVE-2025-9158
URL https://github.com/bestpractical/rt/releases/tag/rt-6.0.2