[oss-security] CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1

From: Anthon Pang <anthon.pang_at_nospam>
Date: Thu Jan 06 2011 - 00:46:02 GMT
To: "oss-security@lists.openwall.com" <oss-security@lists.openwall.com>

Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues
following a security audit by SektionEins (led by Stefan Esser), an internal
review, and coordinated disclosures from JarosÅ‚aw Sajko (Pentesters.pl) and
Fabian Becker.

Notably, versions of Piwik prior to 1.1 contain multiple persistent and
reflective XSS vulnerabilities through unescaped parameters and/or output.

Security advisory:
http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
Other advisory:
http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/

This message: [ Message body ]
Next message: Eugene Teo: "[oss-security] CVE-NONE kernel: PHONET signedness issue"
Previous message: Vincent Danen: "Re: [oss-security] CVE request: patch directory traversal flaw"
Next in thread: Josh Bressers: "Re: [oss-security] CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1"
Reply: Josh Bressers: "Re: [oss-security] CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]