I am the autor of document "Snort, Apache, MYSQL, PHP, y BASE instalación en Slackware" that you published two months ago.
I have discovered a two variables that are vulnerable to XSS( A1 - OWASP ).
In the page base_qry_main.php the variables sig%5B0%5D and sig%5B1%5D. Introducing unexpectes values is able to inyect html code.
I send us two evidences:
1) In the first I inyected a script with shows the cookie of visitor.
2) In the second I inyected a html code for obtain a banner with text "XSS Vulnerable" and a malware link to "http://www.download.com/troyan.exe".