Bug 202750 - net-analyzer/base < 1.3.9 base_qry_main.php XSS (CVE-2007-6156)
Bug#: 202750 (CVE-2007-6156)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: trivial
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL: http://sourceforge.net/tracker/index.php?func=detail&aid=1801192&group_id=103348&atid=635582
Status Whiteboard: ~4 [noglsa]
Opened: 2007-12-19 04:43 0000

Description:
CVE-2007-6156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6156):
  Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in
  Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers
  to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1]
  parameters.

------- Comment #1 From Robert Buchholz 2007-12-19 04:48:39 0000 -------
Netmon, please bump.

------- Comment #2 From Robert Buchholz 2008-01-08 02:46:11 0000 -------
netmon, ping.

------- Comment #3 From Sune Kloppenborg Jeppesen 2008-02-26 20:57:22 0000 -------
netmon please advise.

------- Comment #4 From Pierre-Yves Rofes 2008-05-11 14:41:03 0000 -------
rbu (or someone else with commit access), please bump so we can close this
one...

------- Comment #5 From Pierre-Yves Rofes 2008-07-06 21:06:56 0000 -------
(In reply to comment #4)
> rbu (or someone else with commit access), please bump so we can close this
> one...
> 

*ping*, it's been half a year now...

------- Comment #6 From Robert Buchholz 2008-07-06 21:40:48 0000 -------
*** Bug 229965 has been marked as a duplicate of this bug. ***

------- Comment #7 From Robert Buchholz 2008-07-06 22:09:56 0000 -------
+  06 Jul 2008; Robert Buchholz <rbu@gentoo.org> -base-1.3.6.ebuild,
+  -base-1.3.8.ebuild, +base-1.4.0.ebuild:
+  Version bump, Fixes: XSS Security bug #202750 and undefined function
+  base_header() #201643
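
Review bot: The security fix is identified in the "Fixes:" line only by the Gentoo bug number (#202750); adding the CVE id from this bug's title (CVE-2007-6156) would let the ChangeLog be searched by CVE. The entry also bumps to base-1.4.0 while the bug title gives the fixed version as 1.3.9, so it would help to say explicitly that 1.4.0 carries that fix, since the same commit removes base-1.3.6 and base-1.3.8.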