Unrated severityNVD Advisory· Published Dec 22, 2005· Updated Apr 16, 2026

CVE-2005-4491

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues."

Affected products

Sitekit Solutions/Sitekit CMS
cpe:2.3:a:sitekit_solutions:sitekit_cms:*:*:*:*:*:*:*:*
Range: <=6.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.osvdb.org/22071nvdExploitPatch
www.osvdb.org/22072nvdExploitPatch
www.osvdb.org/22073nvdExploitPatch
www.securityfocus.com/bid/16016nvdExploit
www.vupen.com/english/advisories/2005/3050nvdVendor Advisory
pridels0.blogspot.com/2005/12/sitekit-cms-multiple-xss-vuln.htmlnvd
www.attrition.org/pipermail/vim/2006-March/000611.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000