4.3

CVE-2006-1590

EPSS 4%
Veröffentlicht 03.04.2006 10:04:00
Zuletzt bearbeitet 16.06.2026 22:23:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

NVD 15 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kevin Johnson ≫ Basic Analysis And Security Engine Version0.9.7

Kevin Johnson ≫ Basic Analysis And Security Engine Version0.9.7.1

Kevin Johnson ≫ Basic Analysis And Security Engine Version0.9.8

Kevin Johnson ≫ Basic Analysis And Security Engine Version0.9.9

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.0

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.0.1

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.0.2

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.1

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.1.2

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.1.3

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.1.4

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.2.0

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.2.1

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.2.2

Kevin Johnson ≫ Basic Analysis And Security Engine Version1.2.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4%	0.892

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/19544

http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223

http://www.osvdb.org/20835

http://www.osvdb.org/24307

http://www.securityfocus.com/bid/17391

http://www.vupen.com/english/advisories/2006/1264

https://exchange.xforce.ibmcloud.com/vulnerabilities/25671

https://nvd.nist.gov/vuln/detail/CVE-2006-1590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1590

EUVD