Vendor: NukeET
By: SecurityFocus
CVSS: 3.3 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: NukeET
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
NukeET Cross-Site Scripting Vulnerability
NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code are not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigger the issue, HTML and script code may be Base64-encoded when passed as a URI variable argument. An attacker may exploit the issue by enticing a user to follow a link that includes hostile Base64-encoded HTML and script code. The malicious input will be decoded by the application and may then be rendered in the browser of the user who visits the link.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized before being output in a dynamically generated Web page.
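
An added illustration of the flaw and the mitigation described above, not NukeET's own code: a filter applied to the raw URI value sees only Base64 characters, so escaping has to happen after decoding, at the point of output. The function names and the sample value are constructed for this example, and Python is used only as a neutral language.

```python
import base64
import binascii
import html
import re

# Characters a naive input filter might look for in the raw URI value.
_MARKUP = re.compile(r"[<>\"']")


def raw_filter_passes(param: str) -> bool:
    """Filter applied BEFORE decoding: Base64 text never contains markup."""
    return _MARKUP.search(param) is None


def decode_param(param: str) -> str:
    """Strictly decode a Base64 URI value; reject malformed input."""
    try:
        return base64.b64decode(param, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("invalid Base64 parameter") from exc


def render_vulnerable(param: str) -> str:
    # Flawed pattern from the description: decoded text is written
    # into the page unchanged, so any markup in it is rendered.
    return "<p>" + decode_param(param) + "</p>"


def render_safe(param: str) -> str:
    # Mitigation: HTML-escape the decoded value at output time.
    return "<p>" + html.escape(decode_param(param), quote=True) + "</p>"


# Constructed sample: harmless markup, encoded as the URI value would be.
SAMPLE = base64.b64encode(b"<i>marker</i>").decode("ascii")

if __name__ == "__main__":
    print("raw filter passes:", raw_filter_passes(SAMPLE))
    print("vulnerable output:", render_vulnerable(SAMPLE))
    print("safe output:      ", render_safe(SAMPLE))
```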