Medium severity6.1NVD Advisory· Published May 21, 2026· Updated Jun 1, 2026
CVE-2026-6841
CVE-2026-6841
Description
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.
This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=6.0.0,<=6.0.2
- Range: >=5.0.4, <=5.0.9; >=6.0.0, <=6.0.2
Patches
Vulnerability mechanics
References
4- cert.pl/en/posts/2026/05/CVE-2026-6841nvdThird Party Advisory
- docs.bestpractical.com/release-notes/rt/5.0.10nvdRelease Notes
- docs.bestpractical.com/release-notes/rt/6.0.3nvdRelease Notes
- requesttracker.com/request-tracker/nvdProduct
News mentions
0No linked articles in our index yet.