Date: Thu, 6 Jan 2011 13:57:05 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1

Please use CVE-2011-0004 for the multiple XSS flaws.

Thanks.

--
    JB

----- Original Message -----
> Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues
> following a security audit by SektionEins (led by Stefan Esser), an internal
> review, and coordinated disclosures from Jarosław Sajko (Pentesters.pl) and
> Fabian Becker.
>
> Notably, versions of Piwik prior to 1.1 contain multiple persistent and
> reflective XSS vulnerabilities through unescaped parameters and/or output.
>
> Security advisory:
> http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
> Other advisory:
> http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
> Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/