CVE-2005-3436: XSS
First published: Wed Nov 02 2005(Updated: )
Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nuked-klan Partenaires Module | =1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-3436?
The severity of CVE-2005-3436 is considered to be high due to the potential for remote attackers to execute arbitrary scripts in the context of a user's browser.
How do I fix CVE-2005-3436?
To fix CVE-2005-3436, it is recommended to upgrade to a newer version of Nuked-Klan that addresses the XSS vulnerabilities.
What types of input vectors are affected by CVE-2005-3436?
CVE-2005-3436 can be exploited through input vectors such as the Search module, Guestbook edit fields, Forum title, and Textbox.
Who is at risk from CVE-2005-3436?
Users of Nuked-Klan version 1.7 who have not applied security patches or upgrades are at risk from CVE-2005-3436.
What are the consequences of exploiting CVE-2005-3436?
Exploiting CVE-2005-3436 may allow an attacker to perform actions on behalf of a user, steal cookies, or deface the website.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/nuked-klan
- canonical/nuked-klan partenaires module
- version/nuked-klan partenaires module/1.7