Back to search
CVE-2006-4480
Published: Aug 31, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060830 Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed
mailing-list
x_refsource_BUGTRAQ
1478
third-party-advisory
x_refsource_SREASON
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now