CVE-2007-5496

Name of the Vulnerable Software and Affected Versions setroubleshoot version 2.0.5

Description A cross-site scripting (XSS) issue allows local users to inject arbitrary web script or HTML via a crafted file or process name. This triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

Recommendations For setroubleshoot version 2.0.5, consider restricting access to the log files used by sealert to minimize the risk of exploitation. As a temporary workaround, avoid using crafted file or process names that could trigger an AVC log entry until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.