Date: Wed, 5 Jan 2011 19:46:02 -0500 From: Anthon Pang <anthon.pang@...il.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Piwik 1.1 released on Jan 4, 2011, addresses numerous security issues following a security audit by SektionEins (led by Stefan Esser), an internal review, and coordinated disclosures from Jarosław Sajko (Pentesters.pl) and Fabian Becker. Notably, versions of Piwik prior to 1.1 contain multiple persistent and reflective XSS vulnerabilities through unescaped parameters and/or output. Security advisory: http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/ Other advisory: http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/ Changelog: http://piwik.org/blog/2011/01/piwik-1-1-2/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.