CVE-2008-2133

Name of the Vulnerable Software and Affected Versions Tru-Zone Nuke ET versions 3.x

Description A cross-site scripting issue exists in the Journal module, allowing remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry. This can be demonstrated by using a CSS property in the STYLE attribute of a DIV element.

Recommendations For versions 3.x, as a temporary workaround, consider restricting access to the Journal module until a patch is available. Avoid using the title parameter in new entries to minimize the risk of exploitation.