CVE-2007-0083

Name of the Vulnerable Software and Affected Versions Nuked Klan versions 1.7 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file. This could potentially lead to remote cookie disclosure.

Recommendations For Nuked Klan versions 1.7 and earlier, consider restricting the use of getURL statements in .swf files to minimize the risk of exploitation. As a temporary workaround, avoid using javascript: URIs in getURL statements until a fix is available.