CVE-2009-4837

Published: May 6, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

Affected (17)

Products: Secureideas: Basic Analysis And Security Engine

Secureideas

1 product

Basic Analysis And Security Engine

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Secureideas Basic Analysis And Security Engine	Up to 1.4.3
Secureideas Basic Analysis And Security Engine	Version 1.1.2
Secureideas Basic Analysis And Security Engine	Version 1.1.3
Secureideas Basic Analysis And Security Engine	Version 1.1.4
Secureideas Basic Analysis And Security Engine	Version 1.1
Secureideas Basic Analysis And Security Engine	Version 1.2.0
Secureideas Basic Analysis And Security Engine	Version 1.2.1
Secureideas Basic Analysis And Security Engine	Version 1.2.2
Secureideas Basic Analysis And Security Engine	Version 1.2.4
Secureideas Basic Analysis And Security Engine	Version 1.2.5
Secureideas Basic Analysis And Security Engine	Version 1.2.6
Secureideas Basic Analysis And Security Engine	Version 1.2.7
Secureideas Basic Analysis And Security Engine	Version 1.2
Secureideas Basic Analysis And Security Engine	Version 1.3.5
Secureideas Basic Analysis And Security Engine	Version 1.3.6
Secureideas Basic Analysis And Security Engine	Version 1.3.8
Secureideas Basic Analysis And Security Engine	Version 1.3.9