CVE-2006-6640

Omniture SiteCatalyst - Cross-Site Scripting via Search Parameter and Login Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6640. PoCs published by Hackers Center Security.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Omniture SiteCatalyst, where user-supplied input is not properly sanitized. It includes a generic example URL demonstrating the vulnerability but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Hackers Center Security · textwebappsasp

https://www.exploit-db.com/exploits/29288

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Omniture SiteCatalyst, where user-supplied input is not properly sanitized. It includes a generic example URL demonstrating the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Omniture SiteCatalyst

No auth needed

Prerequisites: A vulnerable version of Omniture SiteCatalyst · Ability to craft a malicious URL with XSS payload

MITRE ATT&CK