Bug 202750 (CVE-2007-6156) - net-analyzer/base < 1.3.9 base_qry_main.php XSS (CVE-2007-6156)
Status: RESOLVED FIXED
Alias: CVE-2007-6156
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://sourceforge.net/tracker/index....
Whiteboard: ~4 [noglsa]
Duplicates: 229965
Reported: 2007-12-19 04:43 UTC by Robert Buchholz (RETIRED)
Modified: 2008-07-06 22:09 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-19 04:43:53 UTC
CVE-2007-6156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6156):
  Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in
  Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers
  to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1]
  parameters.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-19 04:48:39 UTC
Netmon, please bump.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-08 02:46:11 UTC
netmon, ping.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:57:22 UTC
netmon please advise.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-11 14:41:03 UTC
rbu (or someone else with commit access), please bump so we can close this one...
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 21:06:56 UTC
(In reply to comment #4)
> rbu (or someone else with commit access), please bump so we can close this
> one...
> 

*ping*, it's been half a year now...
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-07-06 21:40:48 UTC
*** Bug 229965 has been marked as a duplicate of this bug. ***
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-07-06 22:09:56 UTC
+  06 Jul 2008; Robert Buchholz <rbu@gentoo.org> -base-1.3.6.ebuild,
+  -base-1.3.8.ebuild, +base-1.4.0.ebuild:
+  Version bump, Fixes: XSS Security bug #202750 and undefined function
+  base_header() #201643
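Review bot: The "Fixes:" line identifies the XSS only by bug number #202750; adding the alias CVE-2007-6156 to the entry would let anyone searching the ChangeLog by CVE id find the fixing bump. The entry also drops base-1.3.6 and base-1.3.8 in the same commit that adds base-1.4.0, so it is worth stating in the entry that the removals are because those versions are affected (the bug covers < 1.3.9), rather than leaving that to be inferred from the bug reference.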