Date: Thu, 6 Jan 2011 13:57:05 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: Multiple XSS Vulnerabilities < Piwik 1.1

Please use CVE-2011-0004 for the multiple XSS flaws.

Thanks.

-- 
    JB


----- Original Message -----
> Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues
> following a security audit by SektionEins (led by Stefan Esser), an
> internal review, and coordinated disclosures from Jarosław Sajko
> (Pentesters.pl) and Fabian Becker.
> 
> Notably, versions of Piwik prior to 1.1 contain multiple persistent and
> reflective XSS vulnerabilities through unescaped parameters and/or
> output.
> 
> Security advisory:
> http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
> Other advisory:
> http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
> Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/
