Lucene search

[email protected]NVD:CVE-2006-6640

HistoryDec 19, 2006 - 8:28 p.m.

CVE-2006-6640

2006-12-1920:28:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information.

Affected configurations

Nvd

Node

omnituresitecatalystMatch0

VendorProductVersionCPE
omnituresitecatalyst0cpe:2.3:a:omniture:sitecatalyst:0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
omniture	sitecatalyst	0	cpe:2.3:a:omniture:sitecatalyst:0:::::::*

References

securityreason.com/securityalert/2048

securitytracker.com/id?1017392

www.hackerscenter.com/archive/view.asp?id=26714

www.securityfocus.com/archive/1/454597/100/0/threaded

www.securityfocus.com/archive/1/458130/100/100/threaded

www.securityfocus.com/bid/21620

exchange.xforce.ibmcloud.com/vulnerabilities/30916

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Related for NVD:CVE-2006-6640

cvelist1 cve1 exploitdb1