Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Jan 2011 19:46:02 -0500
From: Anthon Pang <>
To: "" <>
Subject: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1

Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues
following a security audit by SektionEins (led by Stefan Esser), an internal
review, and coordinated disclosures from Jarosław Sajko ( and
Fabian Becker.

Notably, versions of Piwik prior to 1.1 contain multiple persistent and
reflective XSS vulnerabilities through unescaped parameters and/or output.

Security advisory:
Other advisory:

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ