CVE-2006-4480 in Nuked-Klanالمعلومات

الملخص

بحسب MITRE

Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.

Be aware that VulDB is the high quality source for vulnerability data.

حجز

31/08/2006

إفشاء

31/08/2006

الاعتدال

تمت الموافقة

إدخال

VDB-32042

EPSS

0.01254

KEV

لا

النشاطات

منخفض جدًا

المصادر

Might our Artificial Intelligence support you?

Check our Alexa App!