4 matches found
CVE-2009-4837
CVE-2009-4837 involves multiple cross-site scripting (XSS) vulnerabilities in the Basic Analysis and Security Engine (BASE) prior to version 1.4.3.1. The affected components allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) sig[1] in base/base_qry_mai...
CVE-2009-4839
The CVE-2009-4839 entry concerns the Basic Analysis and Security Engine (BASE), likely versions 1.4.4 and earlier. The issue comprises multiple input-validation vulnerabilities in BASE allowing remote attackers to inject arbitrary web script or HTML (XSS) via parameters to admin/base_roleadmin.ph...
CVE-2007-6156
BASE/Base Analysis and Security Engine (BASE) before 1.3.9 contains cross-site scripting in base_qry_main.php, exploitable via sig[0] and sig[1] parameters. This affects BASE 1.3.8 and earlier releases per CVE-2007-6156. Impact: remote attackers can inject arbitrary web script/HTML. Mitigation: u...
CVE-2005-4878
CVE-2005-4878 details: Multiple XSS vulnerabilities in ACID 0.9.6b20 (acid_qry_main.php) and BASE 1.2 (base_qry_main.php), plus unspecified consoles, allow remote injection via the sig[1] parameter and related inputs. Connected documents also flag a separate but related issue CVE-2007-6156 affect...