Vulnerabilities > CVE-2006-6640 - Cross-Site Scripting vulnerability in Omniture Sitecatalyst 0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities. CVE-2006-6640. Webapps exploit for asp platform |
| id | EDB-ID:29288 |
| last seen | 2016-02-03 |
| modified | 2006-12-16 |
| published | 2006-12-16 |
| reporter | Hackers Center Security |
| source | https://www.exploit-db.com/download/29288/ |
| title | Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities |
References
- http://securityreason.com/securityalert/2048
- http://securitytracker.com/id?1017392
- http://www.hackerscenter.com/archive/view.asp?id=26714
- http://www.securityfocus.com/archive/1/454597/100/0/threaded
- http://www.securityfocus.com/archive/1/458130/100/100/threaded
- http://www.securityfocus.com/bid/21620
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30916