CVE-2006-1590

BASE 1.2.4/ACID 0.9.6b23 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Adam Ely · textwebappsphp
https://www.exploit-db.com/exploits/27574

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17391
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1264
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20835
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25671
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24307
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19544

Scores

EPSS 0.0984
EPSS Percentile 93.1%

Details

Status published
Products (16)
kevin_johnson/basic_analysis_and_security_engine 0.9.7
kevin_johnson/basic_analysis_and_security_engine 0.9.7.1
kevin_johnson/basic_analysis_and_security_engine 0.9.8
kevin_johnson/basic_analysis_and_security_engine 0.9.9
kevin_johnson/basic_analysis_and_security_engine 1.0
kevin_johnson/basic_analysis_and_security_engine 1.0.1
kevin_johnson/basic_analysis_and_security_engine 1.0.2
kevin_johnson/basic_analysis_and_security_engine 1.1
kevin_johnson/basic_analysis_and_security_engine 1.1.2
kevin_johnson/basic_analysis_and_security_engine 1.1.3
... and 6 more
Published Apr 03, 2006
Tracked Since Feb 18, 2026