oss-sec mailing list archives
Re: CVE request: XSS in piwik 1.11
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 11 Mar 2013 20:44:55 -0600
On 03/10/2013 07:18 AM, Hanno Böck wrote:

> Quote: "Security: We would like to thank the Security Researcher Leone Pontorieri who responsibly disclosed a XSS vulnerability (which we’ve fixed) as part of our Security Bug Bounty Program."
> from http://piwik.org/blog/2013/03/piwik-1-11/
>
> As we already discussed here recently, the piwik devs are fans of security by obscurity, so they don't provide further details.

Ayup. Please use CVE-2013-1844 for this issue.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993