oss-sec mailing list archives

Re: CVE request: XSS in piwik 1.11


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 11 Mar 2013 20:44:55 -0600


On 03/10/2013 07:18 AM, Hanno Böck wrote:
> Quote: "Security: We would like to thank the Security Researcher
> Leone Pontorieri who responsibly disclosed a XSS vulnerability
> (which we’ve fixed) as part of our Security Bug Bounty Program."
>
> from http://piwik.org/blog/2013/03/piwik-1-11/
>
> As we already discussed here recently, the piwik devs are fans of
> security by obscurity, so they don't provide further details.

Ayup. Please use CVE-2013-1844 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

