Lucene search

MitreCVE-2005-4491

HistoryDec 22, 2005 - 11:03 a.m.

CVE-2005-4491

2005-12-2211:03:00

CWE-79

mitre

web.nvd.nist.gov

cve

2005

4491

xss

vulnerabilities

sitekit

cms

web script

html

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

0.005

Percentile

75.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and © registration-form.html. NOTE: the vendor states “This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues.”

Affected configurations

Nvd

Node

sitekit_solutionssitekit_cmsRange≤6.6

VendorProductVersionCPE
sitekit_solutionssitekit_cms*cpe:2.3:a:sitekit_solutions:sitekit_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitekit_solutions	sitekit_cms	*	cpe:2.3:a:sitekit_solutions:sitekit_cms::::::::

References

pridels0.blogspot.com/2005/12/sitekit-cms-multiple-xss-vuln.html

www.attrition.org/pipermail/vim/2006-March/000611.html

www.osvdb.org/22071

www.osvdb.org/22072

www.osvdb.org/22073

www.securityfocus.com/bid/16016

www.vupen.com/english/advisories/2005/3050

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

0.005

Percentile

75.6%

JSON

Related for CVE-2005-4491