{ "id": "CVE-2006-6509", "sourceIdentifier": "cve@mitre.org", "published": "2006-12-14T00:28:00.000", "lastModified": "2018-10-17T21:49:01.847", "vulnStatus": "Modified", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSiteKiosk, SiteKiosk, 6.5.150", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el \"skinning feature\" del SiteKiosk en versiones anteriores a la 6.5.150 permite a usuarios locales evitar las protecciones de seguridad e inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del ABOUT: URI, que se muestra en la barra de t\u00edtulo del explorador." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.1 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 2.7, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "E1D131E1-457B-4443-BA8D-A153DDA1B89A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "4A3563DA-0211-4595-8207-1A3209F1764D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*", "matchCriteriaId": "5F11A488-AD48-4913-A962-6CF846B3D26C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*", "matchCriteriaId": "257CDE22-0AE2-4BE3-9FC3-DE1454B8810F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "85FDBE24-1A00-4F32-8C51-83F24678412E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "880C49B6-AA89-4840-80E1-7A16BAC61F45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "C49DF177-C03A-4884-889A-B79A45C7B4D4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "F37CEB07-CBBC-445A-855A-BEE7D7F0E5B5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "8C50C37F-0CA0-4DB6-BAAD-CFD1C7AA4266" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "C86C5E3B-8DF8-47EA-8110-A25D211BAB8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "C38CA94A-1173-4174-9574-F77363B1EA7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "425EFE9F-4084-4526-B729-AEEDC1A84FF0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "EA4A23F6-B99B-4FB3-AB32-5324FAFE38B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*", "matchCriteriaId": "A79BEB08-65F2-43C5-9481-5B4E8F775475" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*", "matchCriteriaId": "5FAB39B1-C586-4D7C-9F46-BCD45E13AA98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*", "matchCriteriaId": "AC8B038C-CDDB-4D00-98A3-D0E7BD765F04" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*", "matchCriteriaId": "F8098958-8975-43F4-AFA8-4FD26783A26C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*", "matchCriteriaId": "76CB9672-C009-47E8-86CF-381EB13BB308" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*", "matchCriteriaId": "2B98FE8C-737D-4925-9586-8D7E8A264C60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*", "matchCriteriaId": "D9E019C6-4C7B-41AA-9839-D970E027D5F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*", "matchCriteriaId": "53B4FBEE-FFE8-478E-824F-73C490F09347" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "E56CE520-6BB4-4B96-B4C5-4AC3500D7426" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*", "matchCriteriaId": "25614B18-60CD-49EC-BA4B-528449BB0F90" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*", "matchCriteriaId": "5C47CD55-9A40-4C97-8356-3527C0377C50" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*", "matchCriteriaId": "F52F2DD0-EA5A-46D7-9238-9A4D7395AD04" } ] } ] } ], "references": [ { "url": "http://securityreason.com/securityalert/2024", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/21567", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.vupen.com/english/advisories/2006/4985", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877", "source": "cve@mitre.org" } ] }