mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
226 lines
8.2 KiB
JSON
226 lines
8.2 KiB
JSON
{
|
|
"id": "CVE-2006-6509",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2006-12-14T00:28:00.000",
|
|
"lastModified": "2018-10-17T21:49:01.847",
|
|
"vulnStatus": "Modified",
|
|
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSiteKiosk, SiteKiosk, 6.5.150",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el \"skinning feature\" del SiteKiosk en versiones anteriores a la 6.5.150 permite a usuarios locales evitar las protecciones de seguridad e inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del ABOUT: URI, que se muestra en la barra de t\u00edtulo del explorador."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 4.1
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 2.7,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": true,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E1D131E1-457B-4443-BA8D-A153DDA1B89A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4A3563DA-0211-4595-8207-1A3209F1764D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5F11A488-AD48-4913-A962-6CF846B3D26C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "257CDE22-0AE2-4BE3-9FC3-DE1454B8810F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85FDBE24-1A00-4F32-8C51-83F24678412E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "880C49B6-AA89-4840-80E1-7A16BAC61F45"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C49DF177-C03A-4884-889A-B79A45C7B4D4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F37CEB07-CBBC-445A-855A-BEE7D7F0E5B5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8C50C37F-0CA0-4DB6-BAAD-CFD1C7AA4266"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C86C5E3B-8DF8-47EA-8110-A25D211BAB8F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C38CA94A-1173-4174-9574-F77363B1EA7F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "425EFE9F-4084-4526-B729-AEEDC1A84FF0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA4A23F6-B99B-4FB3-AB32-5324FAFE38B6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A79BEB08-65F2-43C5-9481-5B4E8F775475"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5FAB39B1-C586-4D7C-9F46-BCD45E13AA98"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AC8B038C-CDDB-4D00-98A3-D0E7BD765F04"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F8098958-8975-43F4-AFA8-4FD26783A26C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "76CB9672-C009-47E8-86CF-381EB13BB308"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2B98FE8C-737D-4925-9586-8D7E8A264C60"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D9E019C6-4C7B-41AA-9839-D970E027D5F5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "53B4FBEE-FFE8-478E-824F-73C490F09347"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E56CE520-6BB4-4B96-B4C5-4AC3500D7426"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "25614B18-60CD-49EC-BA4B-528449BB0F90"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5C47CD55-9A40-4C97-8356-3527C0377C50"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F52F2DD0-EA5A-46D7-9238-9A4D7395AD04"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://securityreason.com/securityalert/2024",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/21567",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2006/4985",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |