oss-security January 2011 archive

[oss-security] CVE Request: Multiple XSS Vulnerabilities < Piwik 1.1

From: Anthon Pang <anthon.pang_at_nospam>
Date: Thu Jan 06 2011 - 00:46:02 GMT
To: "oss-security@lists.openwall.com" <oss-security@lists.openwall.com>

Piwik 1.1, released on Jan 4, 2011, addresses numerous security issues
following a security audit by SektionEins (led by Stefan Esser), an internal
review, and coordinated disclosures from Jarosław Sajko (Pentesters.pl) and
Fabian Becker.

Notably, versions of Piwik prior to 1.1 contain multiple persistent and
reflective XSS vulnerabilities through unescaped parameters and/or output.

Security advisory:
http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
Other advisory:
http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/