Date: Thu, 17 Jan 2013 10:18:36 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: piwik before 1.10

Hi,

See here:
http://piwik.org/blog/2013/01/piwik-1-10/

"Security: We would like to thank the Security Researchers Mateusz Goik, Paweł Hałdrzyński and Artur Czyż, for their responsible disclosure. They have all reported XSS vulnerabilities (which we’ve fixed) as part of our Security Bug Bounty Program. Thank you to them for making Piwik more secure!"

Security focus lists it, but it calls it just "Multiple Unspecified Cross Site Scripting Vulnerabilities". No further details. And as piwik devs already stated here last year, they like security by obscurity so I don't think asking them will help.

Please assign CVE. (I think one for all XSS issues fixed in 1.10 is enough).

cu,

--
Hanno Böck
mail/jabber: hanno@...eck.de
GPG: BBB51E42
http://www.hboeck.de/