MidnightBSD

Advisories for piwik

CVE-2010-1453 MEDIUM

Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
matomo matomo 0.4.5
matomo matomo 0.2.31
matomo matomo 0.2.33
matomo matomo 0.5.4
matomo matomo 0.1.8
matomo matomo 0.1.9
piwik piwik 0.5.5
matomo matomo 0.1.7
matomo matomo 0.5.5
matomo matomo 0.2.19
matomo matomo 0.2.22
matomo matomo 0.2.6
matomo matomo 0.2.26
matomo matomo 0.2.32
matomo matomo 0.2.9
matomo matomo 0.2.10
matomo matomo 0.2.3
matomo matomo 0.2.17
matomo matomo 0.1.10
matomo matomo 0.5.1
matomo matomo 0.5.2
matomo matomo 0.4.4
matomo matomo 0.4
matomo matomo 0.2.25
matomo matomo 0.2.34
matomo matomo 0.2.13
matomo matomo 0.2.5
matomo matomo 0.2.20
matomo matomo 0.2.1
matomo matomo 0.2.28
matomo matomo 0.2.11
matomo matomo 0.2.16
matomo matomo 0.2.4
matomo matomo 0.2.23
matomo matomo 0.2.18
matomo matomo 0.2.12
matomo matomo 0.2.29
matomo matomo 0.1.6
matomo matomo 0.2.30
matomo matomo 0.2.2
matomo matomo 0.2.24
matomo matomo 0.5.3
matomo matomo 0.2.27
matomo matomo 0.5
matomo matomo 0.2.8
matomo matomo 0.2.14
matomo matomo 0.4.1
matomo matomo 0.2.7
CVE-2014-5871 MEDIUM

The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
piwik piwik_mobile_2 2.0.1