Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130117101836.43c11151@melee>
Date: Thu, 17 Jan 2013 10:18:36 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: piwik before 1.10

Hi,

See here:
http://piwik.org/blog/2013/01/piwik-1-10/

"Security: We would like to thank the Security Researchers Mateusz
Goik,  Paweł Hałdrzyński and Artur Czyż, for their responsible
disclosure. They have all reported XSS vulnerabilities (which we’ve
fixed) as part of our Security Bug Bounty Program. Thank you to them
for making Piwik more secure!"

Security focus lists it, but it calls it just "Multiple Unspecified
Cross Site Scripting Vulnerabilities".

No further details. And as piwik devs already statet here last year,
they like security by obscurity so I don't think asking them will help.

Please assign CVE. (I think one for all XSS issues fixed in 1.10 is
enough).

cu,
-- 
Hanno Böck		mail/jabber: hanno@...eck.de
GPG: BBB51E42		http://www.hboeck.de/

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.