Advisories

Open Web Analytics Persistent Cross-Site Scripting (XSS)

Dell SecureWorks Security Advisory SWRX-2014-005 Thursday, February 13, 2014

Advisory Information

Title: Open Web Analytics Persistent Cross-Site Scripting (XSS)
Advisory ID: SWRX-2014-005
Date published: Thursday, February 13, 2014
CVE: CVE-2014-1456
CVSS v2 base score: 3.5
Date of last update: Thursday, February 13, 2014
Vendors contacted: Open Web Analytics
Release mode: Coordinated
Discovered by: Dana James Traversie, Dell SecureWorks

Summary

Open Web Analytics (OWA) is open source web analytics software that can track and analyze how visitors use websites and applications. OWA is vulnerable to multiple persistent cross-site scripting (XSS) vulnerabilities due to improper sanitization of data in the OWA database. User-controllable input is not properly sanitized before being stored and is later returned to an administrator in dynamically generated web content. Remote attackers could leverage these vulnerabilities to conduct persistent XSS attacks.

Download the PDF: SWRX-2014-005

PGP Signature

Open Web Analytics Persistent Cross-Site Scripting (XSS)

Advisory Information

Summary

Related Content

LV Ransomware

USAID-Themed Phishing Campaign Leverages U.S. Elections Lure

Counter Threat Unit Researchers Publish Threat Group Definitions