Re: Piwik 0.5.5 - XSS vulnerability



On Thu, May 6, 2010 at 4:08 AM, Alexandro Silva <alexoslabs gmail com> wrote:
> A Piwik XSS vulnerability is fixed by the latest Piwik 0.6 release. The
> advisory is published here:
> http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
>
> Description:
>
> A non-persistent, cross-site scripting vulnerability (XSS) was found in
> Piwik's Login form that reflected the form_url parameter without being
> properly escaped or filtered. To exploit this vulnerability, the attacker
> tricks a Piwik user into visiting a Login URL crafted by...
>
> Cheers,
>
> Alexandro Silva

Are you going to upgrade it or should someone else in the team take
care of this?

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com

