Описание
Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:nuked-klan:nuked-klan:1.7_sp4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00438
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.
EPSS
Процентиль: 63%
0.00438
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other