Vulnerability Details CVE-2006-4480
Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.3%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2006-4480
-
cpe:2.3:a:nuked-klan:nuked-klan:1.7_sp4.3