Lucene search
HistoryMar 01, 2014 - 12:01 a.m.
CVE-2014-1456
cve-2014-1456
cross-site scripting
xss
open web analytics
owa
login page
vulnerability
web script injection
html injection
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.5%
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
Affected configurations
Node
openwebanalyticsopen_web_analyticsRange≤1.5.5
ORopenwebanalyticsopen_web_analyticsMatch1.0
ORopenwebanalyticsopen_web_analyticsMatch1.0.1
ORopenwebanalyticsopen_web_analyticsMatch1.0.2
ORopenwebanalyticsopen_web_analyticsMatch1.0.3
ORopenwebanalyticsopen_web_analyticsMatch1.0.4
ORopenwebanalyticsopen_web_analyticsMatch1.0.5
ORopenwebanalyticsopen_web_analyticsMatch1.0.6
ORopenwebanalyticsopen_web_analyticsMatch1.0.7
ORopenwebanalyticsopen_web_analyticsMatch1.0.8
ORopenwebanalyticsopen_web_analyticsMatch1.0.8rc1
ORopenwebanalyticsopen_web_analyticsMatch1.0.8rc2
ORopenwebanalyticsopen_web_analyticsMatch1.0.8rc3
ORopenwebanalyticsopen_web_analyticsMatch1.0.8rc4
ORopenwebanalyticsopen_web_analyticsMatch1.0.8rc5
ORopenwebanalyticsopen_web_analyticsMatch1.1.0
ORopenwebanalyticsopen_web_analyticsMatch1.1.0rc1
ORopenwebanalyticsopen_web_analyticsMatch1.1.0rc2
ORopenwebanalyticsopen_web_analyticsMatch1.1.0rc3
ORopenwebanalyticsopen_web_analyticsMatch1.1.0rc4
ORopenwebanalyticsopen_web_analyticsMatch1.1.1
ORopenwebanalyticsopen_web_analyticsMatch1.2.0
ORopenwebanalyticsopen_web_analyticsMatch1.2.0rc1
ORopenwebanalyticsopen_web_analyticsMatch1.2.0rc2
ORopenwebanalyticsopen_web_analyticsMatch1.2.0rc3
ORopenwebanalyticsopen_web_analyticsMatch1.2.1
ORopenwebanalyticsopen_web_analyticsMatch1.2.1rc1
ORopenwebanalyticsopen_web_analyticsMatch1.2.2
ORopenwebanalyticsopen_web_analyticsMatch1.2.3
ORopenwebanalyticsopen_web_analyticsMatch1.2.4
ORopenwebanalyticsopen_web_analyticsMatch1.3.0
ORopenwebanalyticsopen_web_analyticsMatch1.3.0rc1
ORopenwebanalyticsopen_web_analyticsMatch1.3.1
ORopenwebanalyticsopen_web_analyticsMatch1.4.0
ORopenwebanalyticsopen_web_analyticsMatch1.4.0rc1
ORopenwebanalyticsopen_web_analyticsMatch1.4.0rc2
ORopenwebanalyticsopen_web_analyticsMatch1.4.0rc3
ORopenwebanalyticsopen_web_analyticsMatch1.4.0rc4
ORopenwebanalyticsopen_web_analyticsMatch1.4.1
ORopenwebanalyticsopen_web_analyticsMatch1.5.0
ORopenwebanalyticsopen_web_analyticsMatch1.5.0rc1
ORopenwebanalyticsopen_web_analyticsMatch1.5.0rc2
ORopenwebanalyticsopen_web_analyticsMatch1.5.0rc3
ORopenwebanalyticsopen_web_analyticsMatch1.5.1
ORopenwebanalyticsopen_web_analyticsMatch1.5.2
ORopenwebanalyticsopen_web_analyticsMatch1.5.3
ORopenwebanalyticsopen_web_analyticsMatch1.5.4
Related
openvas
openvas
Open Web Analytics < 1.5.6 Reflected XSS Vulnerability - Active Check
2014-03-05 00:00:00
prion
prion
Cross site scripting
2014-03-01 00:01:00
cvelist
cvelist
CVE-2014-1456
2014-02-28 17:00:00
nvd
nvd
CVE-2014-1456
2014-03-01 00:01:07
nessus
nessus
Open Web Analytics < 1.5.6 Multiple Vulnerabilities
2014-05-27 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.5%
Related for CVE-2014-1456