CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1590

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.075

EPSS Ranking 91.3%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2006-1590

Kevin Johnson » Basic Analysis And Security Engine » Version: 0.9.7

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7
Kevin Johnson » Basic Analysis And Security Engine » Version: 0.9.7.1

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7.1
Kevin Johnson » Basic Analysis And Security Engine » Version: 0.9.8

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.8
Kevin Johnson » Basic Analysis And Security Engine » Version: 0.9.9

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.9
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.0

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.0.1

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.1
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.0.2

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.2
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.1

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.1.2

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.2
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.1.3

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.3
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.1.4

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.4
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.2.0

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.0
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.2.1

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.1
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.2.2

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.2
Kevin Johnson » Basic Analysis And Security Engine » Version: 1.2.4

cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.4
Roman Danyliw » Analysis Console For Intrusion Databases (Acid) » Version: 0.9.6b23

cpe:2.3:a:roman_danyliw:analysis_console_for_intrusion_databases_(acid):0.9.6b23

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1590

Products

Pricing

Contact Us