Vulnerabilities > Secureideas > Basic Analysis AND Security Engine > 1.3.8

DATE	CVE	VULNERABILITY TITLE	RISK
2010-05-06	CVE-2009-4839	Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php. network secureideas CWE-79	4.3
2010-05-06	CVE-2009-4838	SQL Injection vulnerability in Secureideas Basic Analysis and Security Engine SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. network low complexity secureideas CWE-89	7.5
2010-05-06	CVE-2009-4837	Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. network secureideas CWE-79	4.3
2007-11-29	CVE-2007-6156	Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters. network secureideas CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.