Web application abuses : Open Web Analytics < 1.5.6 Reflected XSS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804404

Categoría: Web application abuses

Título: Open Web Analytics < 1.5.6 Reflected XSS Vulnerability - Active Check

Resumen: Open Web Analytics is prone to a cross-site scripting (XSS); vulnerability.

Descripción: Summary:
Open Web Analytics is prone to a cross-site scripting (XSS)
vulnerability.

Vulnerability Insight:
Input passed via the 'owa_user_id' parameter to the login page
is not properly sanitised before being returned to the user.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary
HTML and script code in a user's browser session in context of an affected site.

Affected Software/OS:
Open Web Analytics version 1.5.5 and prior.

Solution:
Update to version 1.5.6 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-1456
BugTraq ID: 65571
http://www.securityfocus.com/bid/65571
http://www.openwebanalytics.com/?p=384
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004
http://secunia.com/advisories/56885
XForce ISS Database: owa-cve20141456-xss(91124)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91124

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804404
Categoría:	Web application abuses
Título:	Open Web Analytics < 1.5.6 Reflected XSS Vulnerability - Active Check
Resumen:	Open Web Analytics is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: Open Web Analytics is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Input passed via the 'owa_user_id' parameter to the login page is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Affected Software/OS: Open Web Analytics version 1.5.5 and prior. Solution: Update to version 1.5.6 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1456 BugTraq ID: 65571 http://www.securityfocus.com/bid/65571 http://www.openwebanalytics.com/?p=384 http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004 http://secunia.com/advisories/56885 XForce ISS Database: owa-cve20141456-xss(91124) https://exchange.xforce.ibmcloud.com/vulnerabilities/91124
Copyright	Copyright (C) 2014 Greenbone AG