CVE-2006-1590

N/A

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

N/A

N/A

Basic Analysis and Security Engine rintFreshPage 跨站脚本漏洞

通过BASE中的(a)到base_graph_main.php的back参数，(b)到base_stat_ipaddr.php的netmask参数，或者(c)到base_qry_alter.php的submit参数，或者(d)ACID中到acid_main.php的query字符串，(1)基本分析和安全引擎(BASE)1.2.4和(2)入侵数据库的分析控制台(ACID)0.9.6b23可让远程攻击者注入任意Web脚本或HTML。

N/A

N/A