BASE < 1.4.3 XSS

High Nessus Network Monitor Plugin ID 5033

Synopsis

The remote host is vulnerable to an HTML Injection attack

Description

The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host allows a remote attacker to inject HTML and perform cross-site scripting (XSS) attacks against unsuspecting users. In order to inject the malicious code, the attacker would need the ability to log into the BASE system. Successful exploitation would result in the attacker executing script code within the browser of other BASE users. The two php scripts which are vulnerable to injection are: 'base_ag_main.php' and 'base_qry_main.php'.

Solution

Upgrade to BASE version 1.4.3 or later.

See Also

http://spl0it.org/blog/index.php?entry=entry090522-185228

Plugin Details

Severity: High

ID: 5033

File Name: 5033.prm

Family: CGI

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Reference Information

BID: 35086