CVE-2006-1590 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Kevin Johnson	Basic Analysis And Security Engine	0.9.7
Roman Danyliw	Analysis Console For Intrusion Databases $Acid$	0.9.6b23

References

FAQ

What is CVE-2006-1590?

CVE-2006-1590 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows r...

How severe is CVE-2006-1590?

CVE-2006-1590 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-1590?

Check the references section above for vendor advisories and patch information. Affected products include: Kevin Johnson Basic Analysis And Security Engine, Roman Danyliw Analysis Console For Intrusion Databases $Acid$.