Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Jan 2011 19:46:02 -0500
From: Anthon Pang <anthon.pang@...il.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1

Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues
following a security audit by SektionEins (led by Stefan Esser), an internal
review, and coordinated disclosures from Jarosław Sajko (Pentesters.pl) and
Fabian Becker.

Notably, versions of Piwik prior to 1.1 contain multiple persistent and
reflective XSS vulnerabilities through unescaped parameters and/or output.

Security advisory:
http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
Other advisory:
http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ