CVE-2006-1590
Summary
| CVE | CVE-2006-1590 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-04-03 10:04:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation. |
Risk And Classification
Primary CVSS: v2.0 4.3 from [email protected]
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.098410000 probability, percentile 0.929910000 (date 2026-04-19)
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| www.osvdb.org/20835 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| SourceForge.net: secureideas-base-devel | af854a3a-2127-422b-91ae-364da2661108 | sourceforge.net | |
| Secunia - Advisories - Basic Analysis and Security Engine "PrintFreshPage()" Cross-Site Scripting | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Basic Analysis and Security Engine PrintFreshPage Cross-Site Scripting Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| www.osvdb.org/24307 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.