Description
Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues."
Exploits (3)
References (7)
Core References
Third Party Advisory; x_refsource_misc: http://pridels0.blogspot.com/2005/12/sitekit-cms-multiple-xss-vuln.html
Exploit; vdb-entry; x_refsource_bid: http://www.securityfocus.com/bid/16016
Exploit, Patch; vdb-entry; x_refsource_osvdb: http://www.osvdb.org/22073
Third Party Advisory; mailing-list; x_refsource_vim: http://www.attrition.org/pipermail/vim/2006-March/000611.html
Exploit, Patch; vdb-entry; x_refsource_osvdb: http://www.osvdb.org/22071
Exploit, Patch; vdb-entry; x_refsource_osvdb: http://www.osvdb.org/22072
Vendor Advisory; vdb-entry; x_refsource_vupen: http://www.vupen.com/english/advisories/2005/3050
Scores
EPSS: 0.0115
EPSS Percentile: 78.6%
Details
CWE: CWE-79
Status: published
Products (1): sitekit_solutions/sitekit_cms < 6.6
Published: Dec 22, 2005
Tracked Since: Feb 18, 2026