CVE-2007-5496

Selinux Setroubleshoot - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

References (7)

[Patch] http://securitytracker.com/id?1020078

[Patch] http://www.redhat.com/support/errata/RHSA-2008-0061.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=288271

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42592

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29324

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455

[Third Party Advisory] http://secunia.com/advisories/30339

Scores

EPSS 0.0007

EPSS Percentile 21.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

selinux/setroubleshoot

Timeline

Published May 23, 2008

Tracked Since Feb 18, 2026