CVE-2009-4837

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:secureideas:basic_analysis_and_security_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.5:*:*:*:*:*:*:*

Information

Published : 2010-05-06 05:47

Updated : 2012-07-02 21:00


NVD link : CVE-2009-4837

Mitre link : CVE-2009-4837


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

secureideas

  • basic_analysis_and_security_engine