PT-2009-1147 · Base+1 · Basic Analysis/Security Engine+1

David Gil · Published 2009-02-18 · Updated 2017-08-17 · CVE-2005-4878

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Analysis Console for Intrusion Databases (ACID) version 0.9.6b20
Basic Analysis and Security Engine (BASE) version 1.2

Description

The issue allows remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters in certain console scripts. This can lead to cross-site scripting (XSS) attacks.

Recommendations

For Analysis Console for Intrusion Databases (ACID) version 0.9.6b20, avoid using the sig[1] parameter in the affected API endpoint until the issue is resolved. For Basic Analysis and Security Engine (BASE) version 1.2, restrict access to the vulnerable console scripts to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2005-4878

Affected Products

Analysis Console For Intrusion Databases
Basic Analysis/Security Engine