Report a Confirmed or Potential Breach? Call   +1 770-870-6343
0 Results Found
            Back To Results

              Open Web Analytics Reflected Cross-Site Scripting (XSS)

              Dell SecureWorks Security Advisory SWRX-2014-004

              Advisory Information

              • Title: Open Web Analytics Reflected Cross-Site Scripting (XSS)
              • Advisory ID: SWRX-2014-004
              • Date published: Thursday, February 13, 2014
              • CVE: CVE-2014-1456
              • CVSS v2 base score: 5.0
              • Date of last update: Thursday, February 13, 2014
              • Vendors contacted: Open Web Analytics
              • Release mode: Coordinated
              • Discovered by: Dana James Traversie, Dell SecureWorks


              Open Web Analytics (OWA) is open source web analytics software that can track and analyze how visitors use websites and applications. OWA is vulnerable to a reflected cross-site scripting (XSS) vulnerability due to insufficient input validation of a parameter on the login page. User-controllable input is not properly sanitized before being displayed in dynamically generated web content. Remote attackers could leverage this vulnerability to conduct reflected XSS attacks.

              Download the PDF: SWRX-2014-004

              PGP Signature

              Related Content