CVE-2014-1456
published 2014-03-01CVE-2014-1456: Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.81%
75.9th percentile
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openwebanalytics | open_web_analytics | <= 1.5.5 | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
| openwebanalytics | open_web_analytics | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/56885http://www.openwebanalytics.com/?p=384http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004http://www.securityfocus.com/bid/65571https://exchange.xforce.ibmcloud.com/vulnerabilities/91124http://secunia.com/advisories/56885http://www.openwebanalytics.com/?p=384http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004http://www.securityfocus.com/bid/65571https://exchange.xforce.ibmcloud.com/vulnerabilities/91124
2014-03-01
Published