CVE-2003-1238: XSS
First published: Wed Dec 31 2003(Updated: )
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nuked-klan Partenaires Module | =1.2 | |
| Nuked-klan Partenaires Module | =1.2_beta | |
| Nuked-klan Partenaires Module | =1.3 | |
| Nuked-klan Partenaires Module | =1.3_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1238?
CVE-2003-1238 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2003-1238?
To fix CVE-2003-1238, update Nuked-Klan to version 1.3 or later, which addresses the XSS vulnerability.
What modules are affected by CVE-2003-1238?
CVE-2003-1238 affects the Team, News, and Liens modules within Nuked-Klan.
Can CVE-2003-1238 lead to cookie theft?
Yes, CVE-2003-1238 can allow remote attackers to steal authentication cookies through script injection.
Is there a specific version of Nuked-Klan that is safe from CVE-2003-1238?
Yes, Nuked-Klan version 1.3 and later are safe from CVE-2003-1238.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/nuked-klan
- canonical/nuked-klan partenaires module
- version/nuked-klan partenaires module/1.2
- version/nuked-klan partenaires module/1.2_beta
- version/nuked-klan partenaires module/1.3
- version/nuked-klan partenaires module/1.3_beta