
David Gil

#52045 of 53,630
4.3 Total CVSS
Vulnerabilities · 1
PT-2009-1147
4.3
2009-02-18
Base · Basic Analysis/Security Engine · CVE-2005-4878
**Name of the Vulnerable Software and Affected Versions**

Analysis Console for Intrusion Databases (ACID) version 0.9.6b20

Basic Analysis and Security Engine (BASE) version 1.2

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via the `sig[1]` parameter and possibly other parameters in certain console scripts. This can lead to cross-site scripting (XSS) attacks.

**Recommendations**

For Analysis Console for Intrusion Databases (ACID) version 0.9.6b20, avoid using the `sig[1]` parameter in the affected API endpoint until the issue is resolved.

For Basic Analysis and Security Engine (BASE) version 1.2, restrict access to the vulnerable console scripts to minimize the risk of exploitation.