Piwik 0.5.5 - XSS vulnerability



A Piwik XSS vulnerability is fixed by the latest Piwik 0.6 release. The
advisory is published here:
http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/

Description:

A non-persistent, cross-site scripting vulnerability (XSS) was found in
Piwik's Login form that reflected the form_url parameter without being
properly escaped or filtered. To exploit this vulnerability, the attacker
tricks a Piwik user into visiting a Login URL crafted by...

Cheers,

Alexandro Silva
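
The pattern the description names (a request parameter reflected into the login form without escaping or filtering), shown beside an escaped and filtered version. This is an added PHP example, not Piwik's code and not part of the original message; the function names, form markup, default path and sample values are assumptions.

```php
<?php
// Added illustration, not Piwik source. All names and markup here are hypothetical.

// Pattern from the advisory: the parameter is copied into the form as-is,
// so quote and angle-bracket characters end up in the page markup.
function render_login_form_unsafe(string $formUrl): string
{
    return '<input type="hidden" name="form_url" value="' . $formUrl . '">';
}

// Filtering: accept only a local path, otherwise fall back to a fixed default.
function normalize_form_url(string $formUrl, string $default = '/index.php'): string
{
    $isLocalPath = $formUrl !== ''
        && $formUrl[0] === '/'                                   // must be a path
        && strncmp($formUrl, '//', 2) !== 0                      // not scheme-relative
        && preg_match('/[\x00-\x1F\x7F\\\\]/', $formUrl) === 0;  // no control chars or backslash
    return $isLocalPath ? $formUrl : $default;
}

// Escaping: encode for the HTML attribute context at the point of output.
function render_login_form(string $formUrl): string
{
    $safe = htmlspecialchars(
        normalize_form_url($formUrl),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<input type="hidden" name="form_url" value="' . $safe . '">';
}

// Constructed sample values: a normal path, a value carrying markup
// characters, and a scheme-relative URL that the filter rejects.
$samples = [
    '/index.php?page=dashboard',
    '/index.php?x="><i>reflected</i>',
    '//other.example/index.php',
];

foreach ($samples as $value) {
    echo 'input:    ', $value, "\n";
    echo 'unsafe:   ', render_login_form_unsafe($value), "\n";
    echo 'hardened: ', render_login_form($value), "\n\n";
}
```

In the hardened output the second sample stays inside the `value` attribute as `&quot;&gt;&lt;i&gt;...`, and the third is replaced by the default path.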

