Cross-site Scripting Vulnerability in Nuke Evolution Xtreme
CVE-2009-1457

Currently unrated

Key Information:

Vendor

Evolution-extreme

Status
Nuke Evolution Xtreme
Vendor
CVE Published:
28 April 2009

What is CVE-2009-1457?

A cross-site scripting (XSS) vulnerability exists in player.php of Nuke Evolution Xtreme 2.x that allows remote attackers to inject malicious web scripts or HTML via the defaultVisualExt parameter. This flaw poses a risk by enabling attackers to manipulate web content, potentially leading to unauthorized actions or access by users interacting with the affected application. The vulnerability highlights the need for proper validation of user input and enhanced security measures in web applications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49944
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/34594
vdb-entryx_refsource_BID
http://secunia.com/advisories/34783
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.