Try Taegis XDR
0 Results Found
              Back To Results
                Close Try Taegis XDR

                Open Web Analytics Reflected Cross-Site Scripting (XSS)

                Dell SecureWorks Security Advisory SWRX-2014-004

                Advisory Information

                • Title: Open Web Analytics Reflected Cross-Site Scripting (XSS)
                • Advisory ID: SWRX-2014-004
                • Date published: Thursday, February 13, 2014
                • CVE: CVE-2014-1456
                • CVSS v2 base score: 5.0
                • Date of last update: Thursday, February 13, 2014
                • Vendors contacted: Open Web Analytics
                • Release mode: Coordinated
                • Discovered by: Dana James Traversie, Dell SecureWorks


                Open Web Analytics (OWA) is open source web analytics software that can track and analyze how visitors use websites and applications. OWA is vulnerable to a reflected cross-site scripting (XSS) vulnerability due to insufficient input validation of a parameter on the login page. User-controllable input is not properly sanitized before being displayed in dynamically generated web content. Remote attackers could leverage this vulnerability to conduct reflected XSS attacks.

                Download the PDF: SWRX-2014-004

                PGP Signature

                Related Content