Lucene search

MitreCVE-2006-1590

HistoryApr 03, 2006 - 10:04 a.m.

CVE-2006-1590

2006-04-0310:04:00

mitre

web.nvd.nist.gov

cve-2006-1590

cross-site scripting

xss

vulnerability

base

acid

security engine

analysis console

injection

web script

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or © submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER[‘REQUEST_URI’]) to be inserted into a refresh operation.

Affected configurations

Nvd

Node

kevin_johnsonbasic_analysis_and_security_engineMatch0.9.7

kevin_johnsonbasic_analysis_and_security_engineMatch0.9.7.1

kevin_johnsonbasic_analysis_and_security_engineMatch0.9.8

kevin_johnsonbasic_analysis_and_security_engineMatch0.9.9

kevin_johnsonbasic_analysis_and_security_engineMatch1.0

kevin_johnsonbasic_analysis_and_security_engineMatch1.0.1

kevin_johnsonbasic_analysis_and_security_engineMatch1.0.2

kevin_johnsonbasic_analysis_and_security_engineMatch1.1

kevin_johnsonbasic_analysis_and_security_engineMatch1.1.2

kevin_johnsonbasic_analysis_and_security_engineMatch1.1.3

kevin_johnsonbasic_analysis_and_security_engineMatch1.1.4

kevin_johnsonbasic_analysis_and_security_engineMatch1.2.0

kevin_johnsonbasic_analysis_and_security_engineMatch1.2.1

kevin_johnsonbasic_analysis_and_security_engineMatch1.2.2

kevin_johnsonbasic_analysis_and_security_engineMatch1.2.4

roman_danyliwanalysis_console_for_intrusion_databases_$acid$Match0.9.6b23

VendorProductVersionCPE
kevin_johnsonbasic_analysis_and_security_engine0.9.7cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine0.9.7.1cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7.1:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine0.9.8cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.8:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine0.9.9cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.9:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine1.0cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine1.0.1cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.1:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine1.0.2cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.2:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine1.1cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine1.1.2cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.2:*:*:*:*:*:*:*
kevin_johnsonbasic_analysis_and_security_engine1.1.3cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kevin_johnson	basic_analysis_and_security_engine	0.9.7	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7:::::::*
kevin_johnson	basic_analysis_and_security_engine	0.9.7.1	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7.1:::::::*
kevin_johnson	basic_analysis_and_security_engine	0.9.8	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.8:::::::*
kevin_johnson	basic_analysis_and_security_engine	0.9.9	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.9:::::::*
kevin_johnson	basic_analysis_and_security_engine	1.0	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0:::::::*
kevin_johnson	basic_analysis_and_security_engine	1.0.1	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.1:::::::*
kevin_johnson	basic_analysis_and_security_engine	1.0.2	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.2:::::::*
kevin_johnson	basic_analysis_and_security_engine	1.1	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1:::::::*
kevin_johnson	basic_analysis_and_security_engine	1.1.2	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.2:::::::*
kevin_johnson	basic_analysis_and_security_engine	1.1.3	cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.3:::::::*

Rows per page:

1-10 of 161

References

secunia.com/advisories/19544

sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223

www.osvdb.org/20835

www.osvdb.org/24307

www.securityfocus.com/bid/17391

www.vupen.com/english/advisories/2006/1264

exchange.xforce.ibmcloud.com/vulnerabilities/25671

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Related for CVE-2006-1590