Advisory Information

  • Title: Open Web Analytics Reflected Cross-Site Scripting (XSS)
  • Advisory ID: SWRX-2014-004
  • Date published: Thursday, February 13, 2014
  • CVE: CVE-2014-1456
  • CVSS v2 base score: 5.0
  • Date of last update: Thursday, February 13, 2014
  • Vendors contacted: Open Web Analytics
  • Release mode: Coordinated
  • Discovered by: Dana James Traversie, Dell SecureWorks


Open Web Analytics (OWA) is open source web analytics software that can track and analyze how visitors use websites and applications. OWA contains a reflected cross-site scripting (XSS) vulnerability caused by insufficient input validation of a parameter on the login page. User-controllable input is not properly sanitized before being displayed in dynamically generated web content. Remote attackers could leverage this vulnerability to conduct reflected XSS attacks.
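The bug class described above, shown as an added PHP example that is not OWA's code and does not come from the advisory: a login form that reflects a request value unencoded, beside the same form with type checking, a length bound and output encoding. The parameter name `example_param`, the form markup and all function names are hypothetical, and the sample value is constructed.

```php
<?php
// Added illustration: NOT Open Web Analytics code. The parameter name
// "example_param" and every function here are hypothetical.

// Vulnerable pattern: the request value is concatenated into the page
// unchanged, so quote and angle-bracket characters become live markup.
function render_login_vulnerable(array $query): string
{
    $value = $query['example_param'] ?? '';
    return '<form method="post">'
         . '<input type="text" name="example_param" value="' . $value . '">'
         . '<p>Last attempted user: ' . $value . '</p>'
         . '</form>';
}

// Encode for HTML text and quoted-attribute contexts at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: check the type, bound the length, encode on output.
function render_login_hardened(array $query): string
{
    $value = $query['example_param'] ?? '';
    if (!is_string($value)) {      // ?example_param[]=x arrives as an array
        $value = '';
    }
    // A byte-wise cut may split a multibyte character; ENT_SUBSTITUTE
    // replaces the resulting invalid sequence instead of returning ''.
    $value = substr($value, 0, 64);
    return '<form method="post">'
         . '<input type="text" name="example_param" value="' . h($value) . '">'
         . '<p>Last attempted user: ' . h($value) . '</p>'
         . '</form>';
}

// Constructed sample value containing quote and angle-bracket characters.
$sample = ['example_param' => '"><b>constructed</b>'];

echo "vulnerable: ", render_login_vulnerable($sample), PHP_EOL;
echo "hardened:   ", render_login_hardened($sample), PHP_EOL;
```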
