CVE-2005-4491

Sitekit CMS <6.6 - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues."

Exploits (3)

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · text · webapps · asp
https://www.exploit-db.com/exploits/26947
exploitdb WRITEUP VERIFIED
by r0t3d3Vil · text · webapps · asp
https://www.exploit-db.com/exploits/26949
exploitdb WRITEUP VERIFIED
by r0t3d3Vil · text · webapps · asp
https://www.exploit-db.com/exploits/26948

Scores

EPSS 0.0115
EPSS Percentile 78.3%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

sitekit_solutions/sitekit_cms < 6.6

Timeline

Published Dec 22, 2005
Tracked Since Feb 18, 2026