CVE-2006-4480

Name of the Vulnerable Software and Affected Versions Nuked-Klan version 1.7 SP4.3

Description The issue allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist. This can be demonstrated using the STYLE attribute of a B element.

Recommendations For Nuked-Klan version 1.7 SP4.3, consider updating the blacklist in the nk CSS function to include all potentially vulnerable attributes, such as the STYLE attribute, to prevent bypassing of anti-XSS features. As a temporary workaround, consider restricting the use of JavaScript in attribute values until a comprehensive fix is applied.