CVE-2006-6509

Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.

CVSS v2.0 4.1 MEDIUM

4.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 2.7 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/23253
http://securityreason.com/securityalert/2024
http://www.securityfocus.com/archive/1/454185/100/0/threaded
http://www.securityfocus.com/bid/21567	Patch
http://www.sitekiosk.com/th_support/versions/index.php3?id=39	Patch
http://www.vupen.com/english/advisories/2006/4985
https://exchange.xforce.ibmcloud.com/vulnerabilities/30877
http://secunia.com/advisories/23253
http://securityreason.com/securityalert/2024
http://www.securityfocus.com/archive/1/454185/100/0/threaded
http://www.securityfocus.com/bid/21567	Patch
http://www.sitekiosk.com/th_support/versions/index.php3?id=39	Patch
http://www.vupen.com/english/advisories/2006/4985
https://exchange.xforce.ibmcloud.com/vulnerabilities/30877

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:::::::*

History

21 Nov 2024, 00:22

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/23253 -~~	() http://secunia.com/advisories/23253 -
References	~~() http://securityreason.com/securityalert/2024 -~~	() http://securityreason.com/securityalert/2024 -
References	~~() http://www.securityfocus.com/archive/1/454185/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/454185/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/21567 - Patch~~	() http://www.securityfocus.com/bid/21567 - Patch
References	~~() http://www.sitekiosk.com/th_support/versions/index.php3?id=39 - Patch~~	() http://www.sitekiosk.com/th_support/versions/index.php3?id=39 - Patch
References	~~() http://www.vupen.com/english/advisories/2006/4985 -~~	() http://www.vupen.com/english/advisories/2006/4985 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/30877 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/30877 -

Information

Published : 2006-12-14 00:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6509

Mitre link : CVE-2006-6509

CVE.ORG link : CVE-2006-6509

JSON object : View

Products Affected

sitekiosk

sitekiosk

CWE

NVD-CWE-Other

{"id": "CVE-2006-6509", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-14T00:28:00.000", "references": [{"url": "http://secunia.com/advisories/23253", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2024", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21567", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4985", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23253", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2024", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21567", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4985", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el \"skinning feature\" del SiteKiosk en versiones anteriores a la 6.5.150 permite a usuarios locales evitar las protecciones de seguridad e inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del ABOUT: URI, que se muestra en la barra de t\u00edtulo del explorador."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D131E1-457B-4443-BA8D-A153DDA1B89A"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A3563DA-0211-4595-8207-1A3209F1764D"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F11A488-AD48-4913-A962-6CF846B3D26C"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "257CDE22-0AE2-4BE3-9FC3-DE1454B8810F"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85FDBE24-1A00-4F32-8C51-83F24678412E"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "880C49B6-AA89-4840-80E1-7A16BAC61F45"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C49DF177-C03A-4884-889A-B79A45C7B4D4"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37CEB07-CBBC-445A-855A-BEE7D7F0E5B5"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C50C37F-0CA0-4DB6-BAAD-CFD1C7AA4266"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C86C5E3B-8DF8-47EA-8110-A25D211BAB8F"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38CA94A-1173-4174-9574-F77363B1EA7F"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "425EFE9F-4084-4526-B729-AEEDC1A84FF0"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA4A23F6-B99B-4FB3-AB32-5324FAFE38B6"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A79BEB08-65F2-43C5-9481-5B4E8F775475"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FAB39B1-C586-4D7C-9F46-BCD45E13AA98"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC8B038C-CDDB-4D00-98A3-D0E7BD765F04"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8098958-8975-43F4-AFA8-4FD26783A26C"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76CB9672-C009-47E8-86CF-381EB13BB308"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B98FE8C-737D-4925-9586-8D7E8A264C60"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E019C6-4C7B-41AA-9839-D970E027D5F5"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B4FBEE-FFE8-478E-824F-73C490F09347"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E56CE520-6BB4-4B96-B4C5-4AC3500D7426"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25614B18-60CD-49EC-BA4B-528449BB0F90"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C47CD55-9A40-4C97-8356-3527C0377C50"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F52F2DD0-EA5A-46D7-9238-9A4D7395AD04"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSiteKiosk, SiteKiosk, 6.5.150"}

4.1 /10