Summary
This host is installed with Open Web Analytics and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Open Web Analytics 1.5.6 or later.
For updates, refer to http://downloads.openwebanalytics.com
Insight
Input passed via the 'owa_user_id' parameter to the login page is not properly sanitised before being returned to the user.
Affected
Open Web Analytics version 1.5.5 and prior.
Detection
Get the installed location with the help of the detect NVT and check whether XSS is possible.
References
Severity
Classification
- CVE: CVE-2014-1456
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Struts Directory Traversal Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability