Nuke Evolution Xtreme Cross-Site Scripting (XSS + RFI)
Title: Nuke Evolution Xtreme "defaultVisualExt" Cross-Site Scripting
SECUNIA ADVISORY ID: SA34783
VERIFY ADVISORY: http://secunia.com/advisories/SA34783/
Critical: Less critical
DESCRIPTION: baxr6 has reported a vulnerability in Nuke Evolution Xtreme, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "defaultVisualExt" parameter in player.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Download Dropbox