Message-ID: <1542530748.193410.1294340225061.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Thu, 6 Jan 2011 13:57:05 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: Multiple XSS Vulnerabilities < Piwik 1.1

Please use CVE-2011-0004 for the multiple XSS flaws.

Thanks.

-- 
    JB


----- Original Message -----
> Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues
> following a security audit by SektionEins (led by Stefan Esser), an
> internal review, and coordinated disclosures from Jarosław Sajko
> (Pentesters.pl) and Fabian Becker.
> 
> Notably, versions of Piwik prior to 1.1 contain multiple persistent and
> reflective XSS vulnerabilities through unescaped parameters and/or
> output.
> 
> Security advisory:
> http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
> Other advisory:
> http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
> Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/
