CVE-2006-1590
CVE-2006-1590 is a medium-severity vulnerability in Kevin Johnson Basic Analysis And Security Engine with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 4% (89th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Kevin Johnson Basic Analysis And Security Engine
- Published:
- Last modified:
Description
Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.
Frequently asked questions
- What is CVE-2006-1590?
- Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.
- How severe is CVE-2006-1590?
- CVE-2006-1590 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2006-1590 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (89th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-1590?
- CVE-2006-1590 primarily affects Kevin Johnson Basic Analysis And Security Engine. In total, 16 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2006-1590?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2006-1590 published?
- CVE-2006-1590 was published on 2006-04-03 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/19544
- http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223
- http://www.osvdb.org/20835
- http://www.osvdb.org/24307
- http://www.securityfocus.com/bid/17391
- http://www.vupen.com/english/advisories/2006/1264
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25671
Affected products (16)
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:roman_danyliw:analysis_console_for_intrusion_databases_\(acid\):0.9.6b23:*:*:*:*:*:*:*
More vulnerabilities in Kevin Johnson Basic Analysis And Security Engine
- CVE-2006-2685 — Medium (CVSS 4.0): PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with…
All CVEs affecting Kevin Johnson Basic Analysis And Security Engine →