mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
776 B
776 B
CVE-2006-4480
Description
Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.
POC
Reference
Github
No PoCs found on GitHub currently.