oss-sec mailing list archives
CVE Request: Multiple XSS Vulnerabilities < Piwik 1.1
From: Anthon Pang <anthon.pang () gmail com>
Date: Wed, 5 Jan 2011 19:46:02 -0500

Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues following a security audit by SektionEins (led by Stefan Esser), an internal review, and coordinated disclosures from Jarosław Sajko (Pentesters.pl) and Fabian Becker.

Notably, versions of Piwik prior to 1.1 contain multiple persistent and reflective XSS vulnerabilities through unescaped parameters and/or output.

Security advisory: http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
Other advisory: http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/