Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| matomo | matomo | 0.4.5 |
| matomo | matomo | 0.2.31 |
| matomo | matomo | 0.2.33 |
| matomo | matomo | 0.5.4 |
| matomo | matomo | 0.1.8 |
| matomo | matomo | 0.1.9 |
| piwik | piwik | 0.5.5 |
| matomo | matomo | 0.1.7 |
| matomo | matomo | 0.5.5 |
| matomo | matomo | 0.2.19 |
| matomo | matomo | 0.2.22 |
| matomo | matomo | 0.2.6 |
| matomo | matomo | 0.2.26 |
| matomo | matomo | 0.2.32 |
| matomo | matomo | 0.2.9 |
| matomo | matomo | 0.2.10 |
| matomo | matomo | 0.2.3 |
| matomo | matomo | 0.2.17 |
| matomo | matomo | 0.1.10 |
| matomo | matomo | 0.5.1 |
| matomo | matomo | 0.5.2 |
| matomo | matomo | 0.4.4 |
| matomo | matomo | 0.4 |
| matomo | matomo | 0.2.25 |
| matomo | matomo | 0.2.34 |
| matomo | matomo | 0.2.13 |
| matomo | matomo | 0.2.5 |
| matomo | matomo | 0.2.20 |
| matomo | matomo | 0.2.1 |
| matomo | matomo | 0.2.28 |
| matomo | matomo | 0.2.11 |
| matomo | matomo | 0.2.16 |
| matomo | matomo | 0.2.4 |
| matomo | matomo | 0.2.23 |
| matomo | matomo | 0.2.18 |
| matomo | matomo | 0.2.12 |
| matomo | matomo | 0.2.29 |
| matomo | matomo | 0.1.6 |
| matomo | matomo | 0.2.30 |
| matomo | matomo | 0.2.2 |
| matomo | matomo | 0.2.24 |
| matomo | matomo | 0.5.3 |
| matomo | matomo | 0.2.27 |
| matomo | matomo | 0.5 |
| matomo | matomo | 0.2.8 |
| matomo | matomo | 0.2.14 |
| matomo | matomo | 0.4.1 |
| matomo | matomo | 0.2.7 |
The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| piwik | piwik_mobile_2 | 2.0.1 |