CVE-2006-6509
CVE-2006-6509 is a medium-severity vulnerability in Sitekiosk with a CVSS 2.0 base score of 4.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.1)
- EPSS exploit prediction: 0% (20th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Sitekiosk
- Published:
- Last modified:
Description
Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.
Frequently asked questions
- What is CVE-2006-6509?
- Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.
- How severe is CVE-2006-6509?
- CVE-2006-6509 has a CVSS 2.0 base score of 4.1, rated medium severity.
- Is CVE-2006-6509 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (20th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-6509?
- CVE-2006-6509 primarily affects Sitekiosk. In total, 25 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2006-6509?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2006-6509 published?
- CVE-2006-6509 was published on 2006-12-14 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/23253
- http://securityreason.com/securityalert/2024
- http://www.securityfocus.com/archive/1/454185/100/0/threaded
- http://www.securityfocus.com/bid/21567
- http://www.sitekiosk.com/th_support/versions/index.php3?id=39
- http://www.vupen.com/english/advisories/2006/4985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30877
Affected products (25)
- cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*
- cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*
More vulnerabilities in Sitekiosk
- CVE-2006-6510 — Low (CVSS 1.7): An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users…