J-Security Center

Title: Nuked-Klan Forum Module HTML Injection Vulnerability

Severity: MODERATE

Description:

A vulnerability has been discovered in the Nuked-Klan 'Forum' module. It has been reported that Nuked-Klan fails to sufficiently sanitize HTML and script code embedded in certain user-supplied variables. Specifically, the 'Forum' module fails to filter the 'Pseudo' and 'Titre' forum post form fields for malicious input.

As a result, attackers may embed malicious script code or HTML into forum posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

Affected Products:

  • Nuked-Klan Nuked-Klan 1.2.0 beta
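
Added example (not Nuked-Klan source code and not part of the original advisory): the unencoded rendering pattern from the Description next to a hardened form that encodes the 'Pseudo' and 'Titre' fields at output time. The function names, length limits and row layout are hypothetical; only the two field names come from the advisory.

```php
<?php
// Illustration only. Function names, limits and the row layout are
// assumptions; 'Pseudo' and 'Titre' are the fields the advisory names.

// Encode a value for an HTML text or quoted-attribute context.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Normalise a single-line form field before storage: replace control
// characters, collapse whitespace, cap the length (needs ext-mbstring).
// This limits abuse but does not replace encoding at output time.
function clean_line(string $value, int $maxLen): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $value) ?? '';
    $value = trim(preg_replace('/\s+/u', ' ', $value) ?? '');
    return mb_substr($value, 0, $maxLen, 'UTF-8');
}

// Pattern the advisory describes: stored fields are concatenated into
// the page without encoding, so markup in them is parsed by the browser.
function render_post_unsafe(array $post): string
{
    return '<tr><td>' . $post['Pseudo'] . '</td><td>' . $post['Titre'] . '</td></tr>';
}

// Hardened pattern: every stored field is encoded where it is written.
function render_post_safe(array $post): string
{
    return '<tr><td>' . esc_html($post['Pseudo']) . '</td><td>'
         . esc_html($post['Titre']) . '</td></tr>';
}

// Constructed sample submission carrying markup in both fields.
$submitted = [
    'Pseudo' => 'guest<script>alert(1)</script>',
    'Titre'  => '"><img src=x onerror=alert(1)>',
];
$post = [
    'Pseudo' => clean_line($submitted['Pseudo'], 30),
    'Titre'  => clean_line($submitted['Titre'], 80),
];

echo render_post_unsafe($post), "\n"; // fields are emitted as live markup
echo render_post_safe($post), "\n";   // fields are emitted as inert text
```

Encoding belongs at every place a stored field is written into a page, since a value that was accepted before a filter existed is still in the database.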
