oss-sec mailing list archives

CVE request: piwik before 1.10


From: Hanno Böck <hanno () hboeck de>
Date: Thu, 17 Jan 2013 10:18:36 +0100

Hi,

See here:
http://piwik.org/blog/2013/01/piwik-1-10/

"Security: We would like to thank the Security Researchers Mateusz
Goik, Paweł Hałdrzyński and Artur Czyż, for their responsible
disclosure. They have all reported XSS vulnerabilities (which we’ve
fixed) as part of our Security Bug Bounty Program. Thank you to them
for making Piwik more secure!"

Security focus lists it, but it calls it just "Multiple Unspecified
Cross Site Scripting Vulnerabilities".

No further details. And as piwik devs already stated here last year,
they like security by obscurity, so I don't think asking them will help.

Please assign CVE. (I think one for all XSS issues fixed in 1.10 is
enough).

cu,
-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
