oss-sec mailing list archives

Re: CVE request: XSS in piwik before 1.9
From: Matthieu Aubry <matthieu.aubry () gmail com>
Date: Tue, 23 Oct 2012 12:58:52 +1300

Hi there,

We are NEVER going to release more information. This is normal: we do not want to make exploits any easier than they could be.

The builds can be found at: http://builds.piwik.org/

Security contact: http://piwik.org/security/

Good search engine: https://www.startpage.com/

Cheers



On 23/10/12 12:01, Kurt Seifried wrote:

On 10/21/2012 10:14 AM, Hanno Böck wrote:
Hi,

Piwik 1.9 fixes an XSS http://piwik.org/blog/2012/10/piwik-1-9/

Not many details though: "Security: thanks to Security Researcher
Maxim Rupp who responsibly disclosed a XSS via our security bounty
program"

Please assign CVE.

cu,

I can't even find a previous version to download and diff, just
"latest.zip" (so lame). I also can't find a security contact.

Hopefully the release blog is correct.

Please use CVE-2012-4541 for this issue.

-- Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



