Cross site scripting

2014-03-0100:01:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.

CPENameOperatorVersion
open_web_analyticseq1.0.6
open_web_analyticseq1.3.0 rc1
open_web_analyticseq1.4.0 rc2
open_web_analyticseq1.0
open_web_analyticseq1.5.0
open_web_analyticseq1.0.1
open_web_analyticseq1.2.0 rc2
open_web_analyticseq1.0.3
open_web_analyticseq1.1.0 rc3
open_web_analyticseq1.1.0 rc2

Name	Operator	Version
open_web_analytics	eq	1.0.6
open_web_analytics	eq	1.3.0 rc1
open_web_analytics	eq	1.4.0 rc2
open_web_analytics	eq	1.0
open_web_analytics	eq	1.5.0
open_web_analytics	eq	1.0.1
open_web_analytics	eq	1.2.0 rc2
open_web_analytics	eq	1.0.3
open_web_analytics	eq	1.1.0 rc3
open_web_analytics	eq	1.1.0 rc2