CVE-2006-6640

Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information.

Published: Dec 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6640
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
omniture / sitecatalyst	-	-

http://securityreason.com/securityalert/2048
http://securitytracker.com/id?1017392
http://www.hackerscenter.com/archive/view.asp?id=26714
http://www.securityfocus.com/archive/1/454597/100/0/threaded
http://www.securityfocus.com/archive/1/458130/100/100/threaded
http://www.securityfocus.com/bid/21620
https://exchange.xforce.ibmcloud.com/vulnerabilities/30916

Vulnerability Database

290,206

CVE-2006-6640