CVE-2008-1873
NukeET 3.2 and 3.4 - Authenticated Cross-Site Scripting via Private Message STYLE Attribute
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-1873. PoCs published by Jose Luis Zayas.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Nuke ET 3.4 by using a CSS expression to execute arbitrary JavaScript, potentially stealing cookies. The PoC leverages the 'expression' style attribute to redirect the user's cookies to an attacker-controlled server.
Description
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Nuke ET 3.4 by using a CSS expression to execute arbitrary JavaScript, potentially stealing cookies. The PoC leverages the 'expression' style attribute to redirect the user's cookies to an attacker-controlled server.