2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of...
CVE-2005-3748
CVE-2005-3748 describes an SQL injection in the Search module of Tru-Zone Nuke ET 3.2 (and possibly earlier versions). The vulnerability allows remote attackers to manipulate the database by injecting SQL via the query parameter. The NVD entry records a CVSS v2 base score of 7.5 (HIGH) with netwo...