PRIOn knowledge basePRION:CVE-2007-5496

HistoryMay 23, 2008 - 3:32 p.m.

Cross site scripting

2008-05-2315:32:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

CPENameOperatorVersion
setroubleshooteq2.0.5

CPE	Name	Operator	Version
	setroubleshoot	eq	2.0.5

References

secunia.com/advisories/30339

securitytracker.com/id?1020078

www.redhat.com/support/errata/RHSA-2008-0061.html

www.securityfocus.com/bid/29324

bugzilla.redhat.com/show_bug.cgi?id=288271

exchange.xforce.ibmcloud.com/vulnerabilities/42592

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455