4.3
CVSSv2

CVE-2009-4839

Published: 06/05/2010 Updated: 03/07/2012
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.

Affected Products

Vendor Product Versions
SecureideasBasic Analysis And Security Engine1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.3.5, 1.3.6, 1.3.8, 1.3.9, 1.4.3, 1.4.4