Cross-Site Scripting Vulnerabilities in Mercury SiteScope by Mercury
CVE-2006-5122

Currently unrated

Key Information:

Vendor: HP
Status: Mercury Sitescope
Vendor: CVE Published:; 3 October 2006

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist within Mercury SiteScope 8.2 (version 8.1.2.0), which can be exploited by remote authenticated users. These vulnerabilities allow attackers to inject arbitrary web scripts or HTML code through various fields, specifically in the create name field (excluding the 'create new group name' field) and any description fields. This could potentially lead to unauthorized actions and information disclosure if exploited.

References

http://securityreason.com/securityalert/1670

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/29295

vdb-entryx_refsource_XF

http://secunia.com/advisories/22215

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 3, 2006
Vulnerability Reserved
Oct 2, 2006