PT-2005-5174 · Sitekit · Sitekit Cms

Published: 2005-12-22 · Updated: 2011-09-13 · CVE-2005-4491

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Sitekit CMS versions prior to 6.6

Description
Sitekit CMS before 6.6 contains multiple cross-site scripting (XSS) vulnerabilities that let remote attackers inject arbitrary web script or HTML. The injection points are the query string, textonly, locID, and lang parameters to "Default.aspx", and the ClickFrom parameter to "Request-call-back.html" and "registration-form.html". The vendor states that the issue was resolved by a minor update to Sitekit CMS v6.6, which sanitizes the HTML code and eliminates the related security issues.

Recommendations
For Sitekit CMS versions prior to 6.6, update to version 6.6 or later, which includes the minor update that sanitizes the HTML code and resolves the security issues. As a temporary workaround, consider restricting access to the affected parameters (textonly, locID, lang, and ClickFrom) until the update can be applied.
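The fix and the interim workaround described above, as an added Python example that is not Sitekit's code: render_hardened() HTML-encodes the reflected values the way a sanitized Default.aspx would, next to the unencoded pre-6.6 behaviour, and request_is_suspicious() models the workaround by flagging requests whose named parameters carry markup. The function names, the hidden-field rendering, and the sample request lines are assumptions constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory names as reflected into HTML on each page (lower-cased,
# because ASP.NET matches query-string names case-insensitively).
REFLECTED_PARAMS = {
    "default.aspx": {"textonly", "locid", "lang"},
    "request-call-back.html": {"clickfrom"},
    "registration-form.html": {"clickfrom"},
}

# Substrings that indicate a value carries markup rather than plain data.
MARKUP_MARKERS = ("<", ">", "javascript:", "onerror", "onload")


def _reflected_values(page: str, query: str) -> list[tuple[str, str]]:
    """Return (name, value) pairs for the parameters this page reflects."""
    watched = REFLECTED_PARAMS.get(page.lower(), set())
    pairs = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() in watched:
            pairs.extend((name, v) for v in values)
    return pairs


def render_vulnerable(page: str, query: str) -> str:
    """Pre-6.6 behaviour (constructed): reflect the raw value into a hidden field."""
    return "".join(f'<input type="hidden" name="{n}" value="{v}">'
                   for n, v in _reflected_values(page, query))


def render_hardened(page: str, query: str) -> str:
    """6.6-style fix: HTML-encode name and value so any markup becomes inert text."""
    return "".join(f'<input type="hidden" name="{html.escape(n)}" value="{html.escape(v)}">'
                   for n, v in _reflected_values(page, query))


def request_is_suspicious(url: str) -> bool:
    """Interim workaround: flag a request whose reflected parameters carry markup.
    parse_qs percent-decodes, so %3Cscript%3E is caught the same as <script>."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1]
    return any(m in v.lower() for _, v in _reflected_values(page, parts.query)
               for m in MARKUP_MARKERS)


# Constructed sample request lines, as a web server access log would record them.
SAMPLE_REQUESTS = [
    "/Default.aspx?lang=en&locID=42",
    "/Default.aspx?textonly=%3Cscript%3E",
    "/Request-call-back.html?ClickFrom=%3Cimg%20onerror%3Dx%3E",
    "/about.html?ClickFrom=%3Cb%3E",  # page not in the advisory's scope: not flagged
]


def flag_requests(lines: list[str]) -> list[str]:
    """Return the request lines the workaround check would flag."""
    return [line for line in lines if request_is_suspicious(line)]
```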

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2005-4491

Affected Products

Sitekit Cms