oss-sec mailing list archives
Re: CVE request: XSS in piwik before 1.9
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 22 Oct 2012 17:01:15 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/21/2012 10:14 AM, Hanno Böck wrote:
Hi, Piwik 1.9 fixes an XSS http://piwik.org/blog/2012/10/piwik-1-9/ Not many details though: "Security: thanks to Security Researcher Maxim Rupp who responsibly disclosed a XSS via our security bounty program" Please assign CVE. cu,
I can't even find a previous version to download and diff, just "latest.zip" (so lame). I also can't find a security contact. Hopefully the release blog is correct. Please use CVE-2012-4541 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQhdA7AAoJEBYNRVNeJnmTCKMP/1rRJjW5qMpBwAUF9xhZk/MY pW98nh4uLtV+QeFERW/JWJ1JSx+xsNLh7lAhQVaVZbkPWSTdSlQVS/nvK7Ewj1Fk Zir53QSxRroeAQ0QrSgbxB3RSSvTefL5NMpZPkcCrbgFkBbOZG6e62jkraUIm3Lz YL/DBFfIlBGVw/NnL/mDtj3Jh/cdc8dy7AZacjERE9KPFd80kEyHAlKZsR5OAJZV nAtzXr3TPcZvIWJ2Ov3br5DnGGf0L9kt0hPssEWkG6JcUuEH6dL5W/XXzJ6gsIzf dervkbigBI/3jP5+t7XtkXKGv1JXWXZZBxVyQds92geitxIXhzvMg3YJO/TMAn7i Q7QvqAm7csQ5fH5Of769Zyj6HrtHi/xYiHBM9ePkYeAaJf3AwC4QeJGk61lj7HAk GgOZTTkxB+wlJw2GzZifxDSCmGA++w59oGTUjBS6vPogEyB83OKcSz+PW6t6Q9oI 1OAIIR397Eo6tJ7qa3XRMubjBeG5V/hiQtlbeNv/Lzg5V362/6XmcWt8cJQyqnIr E3FTEzz4W/gMM7X6BrHLwvLjPdfBTG2JKH5UweSPyyQ6Yscc1ZAaGfzUbFBiU5tI rW2/P5iS+M6oTii+kQLdlKW6OdxyuKyDxOLlrhR71Nlsqp61XKJtS6k0aMwOZS3J q5UGpZCI8QGmIGDlWnOT =STzK -----END PGP SIGNATURE-----
Current thread:
- CVE request: XSS in piwik before 1.9 Hanno Böck (Oct 21)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Solar Designer (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 23)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 23)
- Re: CVE request: XSS in piwik before 1.9 Stuart Henderson (Oct 24)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)