oss-sec mailing list archives
CVE request: piwik before 1.10
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 17 Jan 2013 10:18:36 +0100
Hi, See here: http://piwik.org/blog/2013/01/piwik-1-10/ "Security: We would like to thank the Security Researchers Mateusz Goik, Paweł Hałdrzyński and Artur Czyż, for their responsible disclosure. They have all reported XSS vulnerabilities (which we’ve fixed) as part of our Security Bug Bounty Program. Thank you to them for making Piwik more secure!" Security focus lists it, but it calls it just "Multiple Unspecified Cross Site Scripting Vulnerabilities". No further details. And as piwik devs already statet here last year, they like security by obscurity so I don't think asking them will help. Please assign CVE. (I think one for all XSS issues fixed in 1.10 is enough). cu, -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- CVE request: piwik before 1.10 Hanno Böck (Jan 17)
- Re: CVE request: piwik before 1.10 Kurt Seifried (Jan 17)