Unrated severityNVD Advisory· Published Apr 17, 2008· Updated Apr 23, 2026

CVE-2008-1873

Description

Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.

Affected products

Tru Zone/Nukeet2 versions
cpe:2.3:a:tru-zone:nukeet:3.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:tru-zone:nukeet:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:tru-zone:nukeet:3.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/28614nvdExploit
secunia.com/advisories/29651nvdVendor Advisory
mrzayas.es/wp-content/poc/nukeet.txtnvd
www.mrzayas.es/2008/04/04/xploitnukeet3/nvd
exchange.xforce.ibmcloud.com/vulnerabilities/41646nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000