SiteCatalyst Web Login Cross Site Vulrnabilities

Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hackers Center Security Group ( Doz's Security Advisory Desc: SiteCatalyst Web Login Cross Site Vulrnabilities Risk: Medium Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to provide customers access to all of their data in real time. Login & Search Engines scripts affected Vendor: Company Email: ir (at) omniture (dot) com [email concealed] Proof of concept: /search.asp?ss=[XSS] Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes. We made a research and many big companies are using Omniture products (Microsoft included). -- HSC Security Group Security researcher? Join us: mail Zinho at zinho at

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top