{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sitekiosk-titlebar-security-bypass(30877)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877"}, {"name": "20061211 [SBDA] SiteKiosk - FileSystem Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded"}, {"name": "21567", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21567"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39"}, {"name": "ADV-2006-4985", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4985"}, {"name": "23253", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23253"}, {"name": "2024", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2024"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6509", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sitekiosk-titlebar-security-bypass(30877)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877"}, {"name": "20061211 [SBDA] SiteKiosk - FileSystem Access", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded"}, {"name": "21567", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21567"}, {"name": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "refsource": "CONFIRM", "url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39"}, {"name": "ADV-2006-4985", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4985"}, {"name": "23253", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23253"}, {"name": "2024", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2024"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.520Z"}, "title": "CVE Program Container", "references": [{"name": "sitekiosk-titlebar-security-bypass(30877)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877"}, {"name": "20061211 [SBDA] SiteKiosk - FileSystem Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded"}, {"name": "21567", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21567"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39"}, {"name": "ADV-2006-4985", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4985"}, {"name": "23253", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23253"}, {"name": "2024", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2024"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6509", "datePublished": "2006-12-14T00:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.520Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "E1D131E1-457B-4443-BA8D-A153DDA1B89A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "4A3563DA-0211-4595-8207-1A3209F1764D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*", "matchCriteriaId": "5F11A488-AD48-4913-A962-6CF846B3D26C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*", "matchCriteriaId": "257CDE22-0AE2-4BE3-9FC3-DE1454B8810F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "85FDBE24-1A00-4F32-8C51-83F24678412E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "880C49B6-AA89-4840-80E1-7A16BAC61F45", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "C49DF177-C03A-4884-889A-B79A45C7B4D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "F37CEB07-CBBC-445A-855A-BEE7D7F0E5B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "8C50C37F-0CA0-4DB6-BAAD-CFD1C7AA4266", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "C86C5E3B-8DF8-47EA-8110-A25D211BAB8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "C38CA94A-1173-4174-9574-F77363B1EA7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "425EFE9F-4084-4526-B729-AEEDC1A84FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "EA4A23F6-B99B-4FB3-AB32-5324FAFE38B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*", "matchCriteriaId": "A79BEB08-65F2-43C5-9481-5B4E8F775475", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*", "matchCriteriaId": "5FAB39B1-C586-4D7C-9F46-BCD45E13AA98", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*", "matchCriteriaId": "AC8B038C-CDDB-4D00-98A3-D0E7BD765F04", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*", "matchCriteriaId": "F8098958-8975-43F4-AFA8-4FD26783A26C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*", "matchCriteriaId": "76CB9672-C009-47E8-86CF-381EB13BB308", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*", "matchCriteriaId": "2B98FE8C-737D-4925-9586-8D7E8A264C60", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*", "matchCriteriaId": "D9E019C6-4C7B-41AA-9839-D970E027D5F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*", "matchCriteriaId": "53B4FBEE-FFE8-478E-824F-73C490F09347", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "E56CE520-6BB4-4B96-B4C5-4AC3500D7426", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*", "matchCriteriaId": "25614B18-60CD-49EC-BA4B-528449BB0F90", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*", "matchCriteriaId": "5C47CD55-9A40-4C97-8356-3527C0377C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*", "matchCriteriaId": "F52F2DD0-EA5A-46D7-9238-9A4D7395AD04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el \"skinning feature\" del SiteKiosk en versiones anteriores a la 6.5.150 permite a usuarios locales evitar las protecciones de seguridad e inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del ABOUT: URI, que se muestra en la barra de t\u00edtulo del explorador."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSiteKiosk, SiteKiosk, 6.5.150", "id": "CVE-2006-6509", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-14T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23253"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2024"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21567"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4985"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21567"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30877"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}