Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-05-06 05:47
Updated : 2012-07-02 21:00
NVD link : CVE-2009-4837
Mitre link : CVE-2009-4837
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
secureideas
- basic_analysis_and_security_engine