PT-2008-3404 · Foundry+1 · Nuke Et+1

Published

2008-04-17

Updated

2017-08-08

CVE-2008-1873

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Nuke ET versions 3.2 and 3.4

Description A cross-site scripting issue exists in the private message feature, allowing remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter when using Internet Explorer.

Recommendations For Nuke ET version 3.2, update or modify the private message feature to properly sanitize the mensaje parameter. For Nuke ET version 3.4, update or modify the private message feature to properly sanitize the mensaje parameter. As a temporary workaround, consider restricting access to the private message feature until a proper fix is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-1873

Affected Products

Internet Explorer

Nuke Et

PT-2008-3404 · Foundry+1 · Nuke Et+1

CVE-2008-1873

Weakness Enumeration

Related Identifiers

Affected Products

References · 7