Nuke Evolution Xtreme Cross-Site Scripting (XSS + RFI)

Title: Nuke Evolution Xtreme "defaultVisualExt" Cross-Site Scripting

SECUNIA ADVISORY ID: SA34783

VERIFY ADVISORY: http://secunia.com/advisories/SA34783/

Critical: Less critical

DESCRIPTION: baxr6 has reported a vulnerability in Nuke Evolution Xtreme, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "defaultVisualExt" parameter in player.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Add new comment

Back To Homepage

Dean was on time and his computer diagnosis was spot on.The computer problem was fixed in a matter of minutes.Dean also noticed we had 4 computers in the house and set up our wireless router in the time he had left so we could share files.I can...

Hello, Just a quick note to say thank you to Dean for his excellent customer service he provided during a recent computer problem we had.He was more than happy to answer any questions we had, and took the time to give us a full explanation in our...

Hi there, I would like to thank Dean for the outstanding service I recently received. Dean was very thorough, explained to us in detail what was wrong with our computer,