Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-4837

Опубликовано: 06 мая 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:secureideas:basic_analysis_and_security_engine:*:*:*:*:*:*:*:*
Версия до 1.4.3 (включая)
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.9:*:*:*:*:*:*:*

EPSS

Процентиль: 52%
0.00285
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2009-4837

ubuntu
больше 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

debian логотип

CVE-2009-4837

debian
больше 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...

github логотип

GHSA-qvvm-q759-c698

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

EPSS

Процентиль: 52%
0.00285
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79