Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4878

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4878
Last Modified 03 Jul 2012 12:00:00
Published 18 Feb 2009 03:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4878

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156.

Vulnerable Systems

Application

  • Acid Analysis Console For Intrusion Databases 0.9.6b20

  • Base Basic Analysis And Security Engine 1.2

  • Secureideas Basic Analysis And Security Engine 1.2


References

XF - base-acid-sig1-xss(48848)

OSVDB - 24306

DEBIAN - DSA-893

SECUNIA - 17523

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788


Last Updated: 27 May 2016 10:56:36