CVE-2009-4839

EUVD-2009-4802
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
secureideasbasic_analysis_and_security_engine
𝑥
≤ 1.4.4
secureideasbasic_analysis_and_security_engine
1.1
secureideasbasic_analysis_and_security_engine
1.1.2
secureideasbasic_analysis_and_security_engine
1.1.3
secureideasbasic_analysis_and_security_engine
1.1.4
secureideasbasic_analysis_and_security_engine
1.2
secureideasbasic_analysis_and_security_engine
1.2.0
secureideasbasic_analysis_and_security_engine
1.2.1
secureideasbasic_analysis_and_security_engine
1.2.2
secureideasbasic_analysis_and_security_engine
1.2.4
secureideasbasic_analysis_and_security_engine
1.2.5
secureideasbasic_analysis_and_security_engine
1.2.6
secureideasbasic_analysis_and_security_engine
1.2.7
secureideasbasic_analysis_and_security_engine
1.3.5
secureideasbasic_analysis_and_security_engine
1.3.6
secureideasbasic_analysis_and_security_engine
1.3.8
secureideasbasic_analysis_and_security_engine
1.3.9
secureideasbasic_analysis_and_security_engine
1.4.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acidbase
dapper
ignored
hardy
ignored
jaunty
ignored
karmic
ignored
lucid
ignored
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
dne
Common Weakness Enumeration
References
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/admin/base_roleadmin.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/admin/base_useradmin.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_main.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_conf_contents.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_qry_sqlcalls.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/admin/base_roleadmin.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/admin/base_useradmin.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_main.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_conf_contents.php?view=log
http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_qry_sqlcalls.php?view=log