Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-1590
Last Modified 07 Mar 2011 09:33:23
Published 03 Apr 2006 06:04:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1590

Summary

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

Vulnerable Systems

Application

  • Kevin Johnson Basic Analysis And Security Engine 0.9.7

  • Kevin Johnson Basic Analysis And Security Engine 0.9.7.1

  • Kevin Johnson Basic Analysis And Security Engine 0.9.8

  • Kevin Johnson Basic Analysis And Security Engine 0.9.9

  • Kevin Johnson Basic Analysis And Security Engine 1.0

  • Kevin Johnson Basic Analysis And Security Engine 1.0.1

  • Kevin Johnson Basic Analysis And Security Engine 1.0.2

  • Kevin Johnson Basic Analysis And Security Engine 1.1

  • Kevin Johnson Basic Analysis And Security Engine 1.1.2

  • Kevin Johnson Basic Analysis And Security Engine 1.1.3

  • Kevin Johnson Basic Analysis And Security Engine 1.1.4

  • Kevin Johnson Basic Analysis And Security Engine 1.2.0

  • Kevin Johnson Basic Analysis And Security Engine 1.2.1

  • Kevin Johnson Basic Analysis And Security Engine 1.2.2

  • Kevin Johnson Basic Analysis And Security Engine 1.2.4

  • Roman Danyliw Analysis Console For Intrusion Databases (ACID) 0.9.6b23


References

VUPEN - ADV-2006-1264

OSVDB - 24307

OSVDB - 20835

MLIST - [secureideas-base-devel] 20060328 3 XSS in BASE 1.2.4

XF - base-multiple-scripts-xss(25671)

BID - 17391

SECUNIA - 19544


Last Updated: 27 May 2016 10:42:08