Vulnerabilities > CVE-2006-4480 - Cross-Site Scripting vulnerability in Nuked-Klan 1.7Sp4.3

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

nuked-klan

NVD

Published: 2006-08-31

Updated: 2018-10-17

Summary

Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.

Vulnerable Configurations

Part	Description	Count
Application	Nuked-Klan Nuked Klan Nuked Klan 1.7_Sp4.3	1

References

http://securityreason.com/securityalert/1478
http://www.securityfocus.com/archive/1/444749/100/0/threaded