mailing list archives
CVE request: piwik before 1.10
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 17 Jan 2013 10:18:36 +0100
"Security: We would like to thank the Security Researchers Mateusz
Goik, Paweł Hałdrzyński and Artur Czyż, for their responsible
disclosure. They have all reported XSS vulnerabilities (which we’ve
fixed) as part of our Security Bug Bounty Program. Thank you to them
for making Piwik more secure!"
Security focus lists it, but it calls it just "Multiple Unspecified
Cross Site Scripting Vulnerabilities".
No further details. And as piwik devs already statet here last year,
they like security by obscurity so I don't think asking them will help.
Please assign CVE. (I think one for all XSS issues fixed in 1.10 is
Hanno Böck mail/jabber: hanno () hboeck de
GPG: BBB51E42 http://www.hboeck.de/
- CVE request: piwik before 1.10 Hanno Böck (Jan 17)