[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4837Date: (C)2010-05-06   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-35222
http://base.secureideas.net/news.php
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view
http://spl0it.org/files/BASE-XSS/Reflective-notes.txt

CPE    16
cpe:/a:secureideas:basic_analysis_and_security_engine:1.2.4
cpe:/a:secureideas:basic_analysis_and_security_engine:1.1.4
cpe:/a:secureideas:basic_analysis_and_security_engine:1.1.3
cpe:/a:secureideas:basic_analysis_and_security_engine:1.2.2
...
CWE    1
CWE-79

© SecPod Technologies