Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-4839

Опубликовано: 06 мая 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:secureideas:basic_analysis_and_security_engine:*:*:*:*:*:*:*:*
Версия до 1.4.4 (включая)
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00329
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2009-4839

ubuntu
больше 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.

debian логотип

CVE-2009-4839

debian
больше 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...

github логотип

GHSA-cr6q-w9jh-63pg

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.

EPSS

Процентиль: 55%
0.00329
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79