CVE-2009-4839

2010-05-06T12:47:00
ID CVE-2009-4839
Type cve
Reporter cve@mitre.org
Modified 2012-07-03T04:00:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.