CVE-2011-5249

Intersectalliance System Intrusion An... - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command.

References (2)

[Various Sources] http://rpmfind.net/linux/RPM/sourceforge/s/sn/snare/Snare%20for%20Linux/1.7.0/SnareLinux-1.7.0-0.i386.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-12/0077.html

Scores

EPSS 0.0020

EPSS Percentile 41.8%

Details

CWE

CWE-79

Status published

Products (6)

intersectalliance/system_intrusion_analysis_and_reporting_environment < 1.5.1

intersectalliance/system_intrusion_analysis_and_reporting_environment

n/a/n/a

Published May 14, 2014

Tracked Since Feb 18, 2026