Cross Site Scripting in Open Web Analytics on most statistics related pages

Description The makeJson method within the owatemplate class generates a JSON string in an unsafe manner. This method is utilized within the report.tpl file, where it receives parameters from the URL and generates a JSON string using them without properly sanitizing. Proof of Concept The...

Code injection

The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to 1 obtain sensitive via the Tracker Module and the Recent posts page; 2 obtain project...