VYPR
Unrated severityNVD Advisory· Published Aug 31, 2006· Updated Jun 16, 2026

CVE-2006-4480

CVE-2006-4480

Description

Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.

Affected products

2
  • cpe:2.3:a:nuked-klan:nuked-klan:1.7_sp4.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nuked-klan:nuked-klan:1.7_sp4.3:*:*:*:*:*:*:*
    • (no CPE)range: = 1.7 SP4.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2006-4480 · VYPR