{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-19T21:21:36.109","vulnerabilities":[{"cve":{"id":"CVE-2009-3892","sourceIdentifier":"secalert@redhat.com","published":"2009-11-17T18:30:00.407","lastModified":"2026-06-16T23:12:35.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Best Practical Solutions RT v3.6.x anteriores a v3.6.9, v3.8.x anteriores a v3.8.5, y otros desde v3.4.6 hasta v3.8.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de ciertos campos personalizados."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*","matchCriteriaId":"F98B7895-BDB3-477C-8B34-88BD3E02EAFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*","matchCriteriaId":"1512169D-DCEF-4964-B05A-3DF19CDE8F57"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*","matchCriteriaId":"B427F5D4-ACD6-46E5-B94F-CA30330C6492"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*","matchCriteriaId":"E9B38C33-D680-4285-A849-E6CDA9F4802F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*","matchCriteriaId":"646CFD82-15FE-48E4-83C9-E3E037E9F928"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*","matchCriteriaId":"57404A14-6E1C-4F3B-8120-75F1073A3E18"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*","matchCriteriaId":"3F40ED56-CDAC-40BB-A026-5D6A09DCB72C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*","matchCriteriaId":"33C325D9-CB88-430F-B1AE-3544C7176398"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*","matchCriteriaId":"F1E86D15-8435-46B9-88FF-8A51771C55E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*","matchCriteriaId":"543C8E63-9A49-4D6A-899A-7D244D0CCC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*","matchCriteriaId":"C503726A-4AAB-4444-A204-7F53A6369919"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*","matchCriteriaId":"F2B93F59-E22F-47E0-A5EA-D5716E9EAB48"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*","matchCriteriaId":"0BF01543-2929-4ADA-BD74-ABE00BF066BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*","matchCriteriaId":"562E9782-259B-42C6-BC3E-C452799A78FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*","matchCriteriaId":"C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576"}]}]}],"references":[{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778","source":"secalert@redhat.com"},{"url":"http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html","source":"secalert@redhat.com","tags":["Patch"]},{"url":"http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html","source":"secalert@redhat.com","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2009/11/15/1","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2009/11/16/4","source":"secalert@redhat.com"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2009/11/15/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2009/11/16/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}