oss-sec mailing list archives
Re: CVE request: XSS in piwik before 1.9
From: Matthieu Aubry <matthieu.aubry () gmail com>
Date: Tue, 23 Oct 2012 12:58:52 +1300
Hi there,

we are NEVER going to release more information, this is normal, we do not want to make exploits any easier than it could be.

The builds can be found at: http://builds.piwik.org/
Security contact: http://piwik.org/security/
Good search engine: https://www.startpage.com/

Cheers

On 23/10/12 12:01, Kurt Seifried wrote:
> On 10/21/2012 10:14 AM, Hanno Böck wrote:
> > Hi,
> >
> > Piwik 1.9 fixes an XSS
> > http://piwik.org/blog/2012/10/piwik-1-9/
> >
> > Not many details though:
> > "Security: thanks to Security Researcher Maxim Rupp who responsibly disclosed a XSS via our security bounty program"
> >
> > Please assign CVE.
> >
> > cu,
>
> I can't even find a previous version to download and diff, just "latest.zip" (so lame). I also can't find a security contact. Hopefully the release blog is correct.
>
> Please use CVE-2012-4541 for this issue.
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- CVE request: XSS in piwik before 1.9 Hanno Böck (Oct 21)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Solar Designer (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 23)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 23)
- Re: CVE request: XSS in piwik before 1.9 Stuart Henderson (Oct 24)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)