CVE-2008-1873

Nuke ET <3.2-3.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jose Luis Zayas · textwebappsphp

https://www.exploit-db.com/exploits/31609

View Code ZIP pw:eip

References (5)

[Various Sources] http://mrzayas.es/wp-content/poc/nukeet.txt

[Vendor Advisory] http://secunia.com/advisories/29651

[Various Sources] http://www.mrzayas.es/2008/04/04/xploitnukeet3/

[Exploit] http://www.securityfocus.com/bid/28614

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41646

Scores

EPSS 0.0033

EPSS Percentile 55.8%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

tru-zone/nukeet

tru-zone/nukeet

Timeline

Published Apr 17, 2008

Tracked Since Feb 18, 2026