Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

sitecatalyst-xss.txt

🗓️ 21 Dec 2006 00:00:00Reported by hackerscenter.comType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

SiteCatalyst Web Login Cross Site Vulrnabilities risk Medium. Omniture provides analytic software and services to corporate customers. SiteCatalyst measures Web traffic, visitor activity, advertising, and e-commerce transactions. Omniture products include Discover, Data, and SearchCenter for real-time data access

Code
`Hackers Center Security Group (http://www.hackerscenter.com/)   
Doz's Security Advisory   
  
  
Desc: SiteCatalyst Web Login Cross Site Vulrnabilities  
Risk: Medium  
  
  
  
  
  
Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to provide customers access to all of their data in real time.  
  
Login & Search Engines scripts affected  
  
Vendor: www.omniture.com  
  
Company Email: [email protected]  
  
  
Proof of concept:  
  
  
/search.asp?ss=[XSS]  
  
  
Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes. We made a research and many big companies are using Omniture products (Microsoft included).  
  
  
-- HSC Security Group   
http://www.hackerscenter.com  
  
Security researcher? Join us: mail Zinho at zinho at hackerscenter.com   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Dec 2006 00:00Current
7.4High risk
Vulners AI Score7.4
sitecatalystcross site vulrnabilitiesmedium riskomnitureanalytic softwarecorporate customersweb trafficvisitor activityadvertisinge-commerce transactionsdiscoverdatasearchcenterreal-time data accesssecurity advisoryhackers center security groupvulnerable sitescross site scriptingresearchbig companiesmicrosoft
42