Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	21620
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 16 2006 12:00AM
Updated:	Jan 25 2007 04:32PM
Credit:	Hackers Center Security Group is credited with the discovery of these vulnerabilities.
Vulnerable:	Omniture SiteCatalyst 0
Not Vulnerable:

Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

Omniture SiteCatalyst is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

An attacker can trigger these vulnerabilities by enticing a victim user to follow a malicious URI.

An example URI has been provided:

http://www.example.com/search.asp?ss=[XSS]

Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

Solution:
This issue has been addressed in a recent fix. Please contact the vendor for information on how to obtain and apply the fix.

Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

References:

• SiteCatalyst Product Page (Omniture)
  
• [HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities ([email protected])
  
• Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities ([email protected])