NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability

NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability

NukeET is prone to a cross-site scripting vulnerability.

The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigger the issue, HTML and script code may be Base64-encoded when passed as a URI variable argument.

An attacker may exploit the issue by enticing a user to following a link that includes hostile Base64-encoded HTML and script code. The malicious input will be decoded by the application and may then be rendered in the browser of the user who visits the link.