VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published May 6, 2010· Updated Apr 29, 2026

CVE-2009-4837

CVE-2009-4837

Description

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

Affected products

17
  • Secureideas/Basic Analysis And Security Engine17 versions
    cpe:2.3:a:secureideas:basic_analysis_and_security_engine:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:*:*:*:*:*:*:*:*range: <=1.4.3
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.3.9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.