CVE-2006-1590

Publication date 3 April 2006

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

Status

Package Ubuntu Release Status
acidbase 9.10 karmic
Fixed 1.2.5-1
9.04 jaunty
Fixed 1.2.5-1
8.10 intrepid
Fixed 1.2.5-1
8.04 LTS hardy
Fixed 1.2.5-1
7.10 gutsy
Fixed 1.2.5-1
7.04 feisty
Fixed 1.2.5-1
6.10 edgy
Fixed 1.2.5-1
6.06 LTS dapper Ignored end of life

References

Other references

Access our resources on patching vulnerabilities