66 vulnerabilities found for matomo by matomo
FKIE_CVE-2023-6923
Vulnerability from fkie_nvd - Published: 2024-02-29 01:42 - Updated: 2025-04-01 15:25
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "522D2348-750A-45AA-BCC6-A374BB66580F",
"versionEndExcluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Matomo Analytics \u2013 Ethical Stats. Powerful Insights para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro idsite en todas las versiones hasta la 4.15.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"id": "CVE-2023-6923",
"lastModified": "2025-04-01T15:25:41.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-29T01:42:49.007",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3031495%40matomo\u0026new=3031495%40matomo\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3031495%40matomo\u0026new=3031495%40matomo\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0193
Vulnerability from fkie_nvd - Published: 2019-11-20 15:15 - Updated: 2024-11-21 01:47
Severity ?
Summary
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
References
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/17/15 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://matomo.org/changelog/piwik-1-10/ | Release Notes, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2013-0193 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/17/15 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://matomo.org/changelog/piwik-1-10/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-0193 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C38FDFB-5B2F-4444-8873-2C25865A33F4",
"versionEndExcluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Piwik versiones anteriores a la versi\u00f3n 1.10.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. NOTA: Esta es una vulnerabilidad diferente de CVE-2013-0194 y CVE-2013-0195."
}
],
"id": "CVE-2013-0193",
"lastModified": "2024-11-21T01:47:02.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T15:15:11.177",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0195
Vulnerability from fkie_nvd - Published: 2019-11-20 15:15 - Updated: 2024-11-21 01:47
Severity ?
Summary
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
References
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/17/15 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://matomo.org/changelog/piwik-1-10/ | Release Notes, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2013-0195 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/17/15 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://matomo.org/changelog/piwik-1-10/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-0195 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C38FDFB-5B2F-4444-8873-2C25865A33F4",
"versionEndExcluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Piwik versiones anteriores a 1.10.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. NOTA: Esta es una vulnerabilidad diferente de CVE-2013-0193 y CVE-2013-0194."
}
],
"id": "CVE-2013-0195",
"lastModified": "2024-11-21T01:47:02.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T15:15:11.333",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0194
Vulnerability from fkie_nvd - Published: 2019-11-20 15:15 - Updated: 2024-11-21 01:47
Severity ?
Summary
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
References
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/17/15 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://matomo.org/changelog/piwik-1-10/ | Release Notes, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2013-0194 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/17/15 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://matomo.org/changelog/piwik-1-10/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-0194 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C38FDFB-5B2F-4444-8873-2C25865A33F4",
"versionEndExcluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Piwik versiones anteriores a la versi\u00f3n 1.10.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. NOTA: Esta es una vulnerabilidad diferente de CVE-2013-0193 y CVE-2013-0195."
}
],
"id": "CVE-2013-0194",
"lastModified": "2024-11-21T01:47:02.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T15:15:11.240",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-12215
Vulnerability from fkie_nvd - Published: 2019-05-20 16:29 - Updated: 2024-11-21 04:22
Severity ?
Summary
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities."
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/matomo-org/matomo/issues/14464 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matomo-org/matomo/issues/14464 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D513660-D70D-492C-99F7-41D619E86E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating \"avoid reporting path disclosures, as we don\u0027t consider them as security vulnerabilities."
},
{
"lang": "es",
"value": "** EN DISPUTA ** Se descubri\u00f3 una vulnerabilidad de divulgaci\u00f3n de ruta completa en Matomo v3.9.1, donde un usuario puede desencadenar un error particular para descubrir la ruta completa de Matomo en el disco, porque lastError.file se usa en plugins/CorePluginsAdmin/templates/safemode.twig. NOTA: el proveedor cuestiona la importancia de este problema y dice \"evite la divulgaci\u00f3n de la informaci\u00f3n de las rutas de acceso, ya que no las consideramos como vulnerabilidades de seguridad\"."
}
],
"id": "CVE-2019-12215",
"lastModified": "2024-11-21T04:22:26.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-20T16:29:01.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matomo-org/matomo/issues/14464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7816
Vulnerability from fkie_nvd - Published: 2015-11-16 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D0E855-7817-4341-B32A-F508842FC8CC",
"versionEndIncluding": "2.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header."
},
{
"lang": "es",
"value": "La funci\u00f3n DisplayTopKeywords en plugins/Referrers/Controller.php en Piwik en versiones anteriores a 2.15.0 permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n de objetos PHP, ejecutar ataques de SSRF y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una cabecera HTTP manipulada."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/918.html\"\u003eCWE-918: Server-Side Request Forgery (SSRF)\u003c/a\u003e",
"id": "CVE-2015-7816",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-16T19:59:05.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7815
Vulnerability from fkie_nvd - Published: 2015-11-16 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D0E855-7817-4341-B32A-F508842FC8CC",
"versionEndIncluding": "2.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en core/ViewDataTable/Factory.php en Piwik en versiones anteriores a 2.15.0 permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios a trav\u00e9s del par\u00e1metro viewDataTable."
}
],
"id": "CVE-2015-7815",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-16T19:59:04.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2633
Vulnerability from fkie_nvd - Published: 2013-03-21 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| matomo | matomo | * | |
| matomo | matomo | 1.0 | |
| matomo | matomo | 1.1 | |
| matomo | matomo | 1.1.1 | |
| matomo | matomo | 1.2 | |
| matomo | matomo | 1.2.1 | |
| matomo | matomo | 1.3 | |
| matomo | matomo | 1.4 | |
| matomo | matomo | 1.5 | |
| matomo | matomo | 1.5.1 | |
| matomo | matomo | 1.6 | |
| matomo | matomo | 1.7 | |
| matomo | matomo | 1.7.1 | |
| matomo | matomo | 1.8 | |
| matomo | matomo | 1.8.1 | |
| matomo | matomo | 1.8.2 | |
| matomo | matomo | 1.8.3 | |
| matomo | matomo | 1.8.4 | |
| matomo | matomo | 1.9.1 | |
| matomo | matomo | 1.9.2 | |
| matomo | matomo | 1.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F93E615-6268-450D-A140-405E00B28CE6",
"versionEndIncluding": "1.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E45F2630-A217-4F08-B36B-314AD69DD92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419A5DA8-D63D-4EAC-A4D5-4B5A1B7D4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2891784E-0524-434C-9269-81C85C37D969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491C3F7C-889A-4E2A-A956-5ABB3836BAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E38E65CD-4B1F-4D81-A818-6A4B0E312253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E10E743-30FB-408C-A50B-BCAA0D750B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B80242D7-A09F-430A-9468-B52EBA6F6337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4B194B-C780-4005-A641-BCDB8A81FBE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C58F5320-BE2E-46D6-AFD8-BB298A10926F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D3535D-A8F1-42A2-BD7E-4EEFEF15C1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFB1D11-C059-4CD4-9C38-8D2A7901BC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA28DF4-8F43-4F35-9F1F-6A6C785B0CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A33B1DF0-B069-4A72-A7AB-643E459FDB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2869144-4413-469B-A6EE-31F5180BA10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FACB8A22-2A07-4598-B8B6-27BC60F5E359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2C56AA-46BA-4C13-8BA2-6C37AF63D5B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E33B0-6C43-4A7B-9BF4-9E3BC8D58880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0054CC-1ADD-48B7-8174-DD867521FA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C4CE48-9FE8-4FAF-A949-150038F723F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "692E334C-0A16-4770-BEBE-1824CCE20642",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters."
},
{
"lang": "es",
"value": "Piwik anterior a v1.11 acepta entradas desde una petici\u00f3n POST en lugar de una petici\u00f3n GET en circunstancias sin especificar, lo que podr\u00eda permitir a atacantes obtener informaci\u00f3n sensible aprovechando el registro (logging) de los par\u00e1metros."
}
],
"id": "CVE-2013-2633",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-21T21:55:01.003",
"references": [
{
"source": "cve@mitre.org",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1844
Vulnerability from fkie_nvd - Published: 2013-03-21 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| matomo | matomo | * | |
| matomo | matomo | 1.0 | |
| matomo | matomo | 1.1 | |
| matomo | matomo | 1.1.1 | |
| matomo | matomo | 1.2 | |
| matomo | matomo | 1.2.1 | |
| matomo | matomo | 1.3 | |
| matomo | matomo | 1.4 | |
| matomo | matomo | 1.5 | |
| matomo | matomo | 1.5.1 | |
| matomo | matomo | 1.6 | |
| matomo | matomo | 1.7 | |
| matomo | matomo | 1.7.1 | |
| matomo | matomo | 1.8 | |
| matomo | matomo | 1.8.1 | |
| matomo | matomo | 1.8.2 | |
| matomo | matomo | 1.8.3 | |
| matomo | matomo | 1.8.4 | |
| matomo | matomo | 1.9.1 | |
| matomo | matomo | 1.9.2 | |
| matomo | matomo | 1.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F93E615-6268-450D-A140-405E00B28CE6",
"versionEndIncluding": "1.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E45F2630-A217-4F08-B36B-314AD69DD92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419A5DA8-D63D-4EAC-A4D5-4B5A1B7D4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2891784E-0524-434C-9269-81C85C37D969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491C3F7C-889A-4E2A-A956-5ABB3836BAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E38E65CD-4B1F-4D81-A818-6A4B0E312253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E10E743-30FB-408C-A50B-BCAA0D750B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B80242D7-A09F-430A-9468-B52EBA6F6337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4B194B-C780-4005-A641-BCDB8A81FBE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C58F5320-BE2E-46D6-AFD8-BB298A10926F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D3535D-A8F1-42A2-BD7E-4EEFEF15C1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFB1D11-C059-4CD4-9C38-8D2A7901BC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA28DF4-8F43-4F35-9F1F-6A6C785B0CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A33B1DF0-B069-4A72-A7AB-643E459FDB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2869144-4413-469B-A6EE-31F5180BA10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FACB8A22-2A07-4598-B8B6-27BC60F5E359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2C56AA-46BA-4C13-8BA2-6C37AF63D5B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E33B0-6C43-4A7B-9BF4-9E3BC8D58880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0054CC-1ADD-48B7-8174-DD867521FA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C4CE48-9FE8-4FAF-A949-150038F723F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "692E334C-0A16-4770-BEBE-1824CCE20642",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Piwik anterior a v1.11 que permite a atacantes remotos inyectar un script web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-1844",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-21T21:55:00.933",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4541
Vulnerability from fkie_nvd - Published: 2012-11-19 12:10 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DAAC69-194C-4FCC-B6B1-5DD84139E9F5",
"versionEndIncluding": "1.8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E45F2630-A217-4F08-B36B-314AD69DD92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491C3F7C-889A-4E2A-A956-5ABB3836BAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E38E65CD-4B1F-4D81-A818-6A4B0E312253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E10E743-30FB-408C-A50B-BCAA0D750B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B80242D7-A09F-430A-9468-B52EBA6F6337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4B194B-C780-4005-A641-BCDB8A81FBE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C58F5320-BE2E-46D6-AFD8-BB298A10926F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D3535D-A8F1-42A2-BD7E-4EEFEF15C1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFB1D11-C059-4CD4-9C38-8D2A7901BC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A33B1DF0-B069-4A72-A7AB-643E459FDB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2869144-4413-469B-A6EE-31F5180BA10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FACB8A22-2A07-4598-B8B6-27BC60F5E359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matomo:matomo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2C56AA-46BA-4C13-8BA2-6C37AF63D5B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Piwik antes de v1.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-4541",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-19T12:10:52.510",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-6923 (GCVE-0-2023-6923)
Vulnerability from cvelistv5 – Published: 2024-02-20 18:56 – Updated: 2024-08-02 08:42
Summary
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| matomoteam | Matomo Analytics – Ethical Stats. Powerful Insights. | Affected: * , ≤ 4.15.3 (semver) |
Credits
Felipe Restrepo Rodriguez
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T18:21:23.477955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:15.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3031495%40matomo\u0026new=3031495%40matomo\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Matomo Analytics \u2013 Ethical Stats. Powerful Insights.",
"vendor": "matomoteam",
"versions": [
{
"lessThanOrEqual": "4.15.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Restrepo Rodriguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T18:56:24.446Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3031495%40matomo\u0026new=3031495%40matomo\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-07T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6923",
"datePublished": "2024-02-20T18:56:24.446Z",
"dateReserved": "2023-12-18T15:12:38.158Z",
"dateUpdated": "2024-08-02T08:42:08.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0195 (GCVE-0-2013-0195)
Vulnerability from cvelistv5 – Published: 2019-11-20 14:31 – Updated: 2024-08-06 14:18
Summary
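Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. [Note: the structured affected-version field in the record below is the free-text string "through 2013", not a version range, so automated version matching needs the "before 1.10.1" bound from this description.]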
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "piwik",
"vendor": "piwik",
"versions": [
{
"status": "affected",
"version": "through 2013"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:31:59",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "through 2013"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0195",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"name": "https://matomo.org/changelog/piwik-1-10/",
"refsource": "CONFIRM",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0195",
"datePublished": "2019-11-20T14:31:59",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0194 (GCVE-0-2013-0194)
Vulnerability from cvelistv5 – Published: 2019-11-20 14:30 – Updated: 2024-08-06 14:18
Summary
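Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. [Note: the structured affected-version field in the record below lists 1.10.1 itself as affected, which does not agree with "before 1.10.1" in this description; confirm the fixed release against the vendor changelog before relying on that field for version matching.]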
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "piwik",
"vendor": "piwik",
"versions": [
{
"status": "affected",
"version": "1.10.1"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:30:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "1.10.1"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0194",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"name": "https://matomo.org/changelog/piwik-1-10/",
"refsource": "CONFIRM",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0194",
"datePublished": "2019-11-20T14:30:12",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0193 (GCVE-0-2013-0193)
Vulnerability from cvelistv5 – Published: 2019-11-20 14:26 – Updated: 2024-08-06 14:18
Summary
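Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. [Note: the structured affected-version field in the record below lists 1.10.1 itself as affected, which does not agree with "before 1.10.1" in this description; confirm the fixed release against the vendor changelog before relying on that field for version matching.]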
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "piwik",
"vendor": "piwik",
"versions": [
{
"status": "affected",
"version": "1.10.1"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:26:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "1.10.1"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0193",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"name": "https://matomo.org/changelog/piwik-1-10/",
"refsource": "CONFIRM",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0193",
"datePublished": "2019-11-20T14:26:54",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12215 (GCVE-0-2019-12215)
Vulnerability from cvelistv5 – Published: 2019-05-20 15:47 – Updated: 2024-08-04 23:17 Disputed
Summary
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating \"avoid reporting path disclosures, as we don\u0027t consider them as security vulnerabilities.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:47:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating \"avoid reporting path disclosures, as we don\u0027t consider them as security vulnerabilities.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matomo-org/matomo/issues/14464",
"refsource": "MISC",
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12215",
"datePublished": "2019-05-20T15:47:34",
"dateReserved": "2019-05-20T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7815 (GCVE-0-2015-7815)
Vulnerability from cvelistv5 – Published: 2015-11-16 19:00 – Updated: 2024-08-06 07:59
Summary
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"name": "https://piwik.org/changelog/piwik-2-15-0/",
"refsource": "CONFIRM",
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"name": "http://karmainsecurity.com/KIS-2015-09",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7815",
"datePublished": "2015-11-16T19:00:00",
"dateReserved": "2015-10-14T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7816 (GCVE-0-2015-7816)
Vulnerability from cvelistv5 – Published: 2015-11-16 19:00 – Updated: 2024-08-06 07:59
Summary
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://karmainsecurity.com/KIS-2015-10",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"name": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"name": "https://piwik.org/changelog/piwik-2-15-0/",
"refsource": "CONFIRM",
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7816",
"datePublished": "2015-11-16T19:00:00",
"dateReserved": "2015-10-14T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1844 (GCVE-0-2013-1844)
Vulnerability from cvelistv5 – Published: 2013-03-21 21:00 – Updated: 2024-09-17 01:51
Summary
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"name": "http://piwik.org/blog/2013/03/piwik-1-11/",
"refsource": "CONFIRM",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1844",
"datePublished": "2013-03-21T21:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:34.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2633 (GCVE-0-2013-2633)
Vulnerability from cvelistv5 – Published: 2013-03-21 21:00 – Updated: 2024-09-16 17:53
Summary
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://piwik.org/blog/2013/03/piwik-1-11/",
"refsource": "CONFIRM",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2633",
"datePublished": "2013-03-21T21:00:00Z",
"dateReserved": "2013-03-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:53:59.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4541 (GCVE-0-2012-4541)
Vulnerability from cvelistv5 – Published: 2012-11-19 11:00 – Updated: 2024-09-17 00:36
Summary
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-19T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://piwik.org/blog/2012/10/piwik-1-9/",
"refsource": "CONFIRM",
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4541",
"datePublished": "2012-11-19T11:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T00:36:04.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6923 (GCVE-0-2023-6923)
Vulnerability from nvd – Published: 2024-02-20 18:56 – Updated: 2024-08-02 08:42
Summary
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| matomoteam | Matomo Analytics – Ethical Stats. Powerful Insights. | Affected: * , ≤ 4.15.3 (semver) |
Credits
Felipe Restrepo Rodriguez
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T18:21:23.477955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:15.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3031495%40matomo\u0026new=3031495%40matomo\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Matomo Analytics \u2013 Ethical Stats. Powerful Insights.",
"vendor": "matomoteam",
"versions": [
{
"lessThanOrEqual": "4.15.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Restrepo Rodriguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T18:56:24.446Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3031495%40matomo\u0026new=3031495%40matomo\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-07T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6923",
"datePublished": "2024-02-20T18:56:24.446Z",
"dateReserved": "2023-12-18T15:12:38.158Z",
"dateUpdated": "2024-08-02T08:42:08.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0195 (GCVE-0-2013-0195)
Vulnerability from nvd – Published: 2019-11-20 14:31 – Updated: 2024-08-06 14:18
Summary
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "piwik",
"vendor": "piwik",
"versions": [
{
"status": "affected",
"version": "through 2013"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:31:59",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "through 2013"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0195",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"name": "https://matomo.org/changelog/piwik-1-10/",
"refsource": "CONFIRM",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0195",
"datePublished": "2019-11-20T14:31:59",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0194 (GCVE-0-2013-0194)
Vulnerability from nvd – Published: 2019-11-20 14:30 – Updated: 2024-08-06 14:18
Summary
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "piwik",
"vendor": "piwik",
"versions": [
{
"status": "affected",
"version": "1.10.1"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:30:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "1.10.1"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0194",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"name": "https://matomo.org/changelog/piwik-1-10/",
"refsource": "CONFIRM",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0194",
"datePublished": "2019-11-20T14:30:12",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0193 (GCVE-0-2013-0193)
Vulnerability from nvd – Published: 2019-11-20 14:26 – Updated: 2024-08-06 14:18
Summary
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "piwik",
"vendor": "piwik",
"versions": [
{
"status": "affected",
"version": "1.10.1"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:26:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://matomo.org/changelog/piwik-1-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "1.10.1"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0193",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"name": "https://matomo.org/changelog/piwik-1-10/",
"refsource": "CONFIRM",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0193",
"datePublished": "2019-11-20T14:26:54",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12215 (GCVE-0-2019-12215)
Vulnerability from nvd – Published: 2019-05-20 15:47 – Updated: 2024-08-04 23:17 Disputed
Summary
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating \"avoid reporting path disclosures, as we don\u0027t consider them as security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:47:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating \"avoid reporting path disclosures, as we don\u0027t consider them as security vulnerabilities.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matomo-org/matomo/issues/14464",
"refsource": "MISC",
"url": "https://github.com/matomo-org/matomo/issues/14464"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12215",
"datePublished": "2019-05-20T15:47:34",
"dateReserved": "2019-05-20T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7815 (GCVE-0-2015-7815)
Vulnerability from nvd – Published: 2015-11-16 19:00 – Updated: 2024-08-06 07:59
Summary
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134219/Piwik-2.14.3-Local-File-Inclusion.html"
},
{
"name": "https://piwik.org/changelog/piwik-2-15-0/",
"refsource": "CONFIRM",
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536838/100/0/threaded"
},
{
"name": "http://karmainsecurity.com/KIS-2015-09",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2015-09"
},
{
"name": "20151104 [KIS-2015-09] Piwik \u003c= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7815",
"datePublished": "2015-11-16T19:00:00",
"dateReserved": "2015-10-14T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7816 (GCVE-0-2015-7816)
Vulnerability from nvd – Published: 2015-11-16 19:00 – Updated: 2024-08-06 07:59
Summary
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://karmainsecurity.com/KIS-2015-10",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2015-10"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/15"
},
{
"name": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html"
},
{
"name": "https://piwik.org/changelog/piwik-2-15-0/",
"refsource": "CONFIRM",
"url": "https://piwik.org/changelog/piwik-2-15-0/"
},
{
"name": "20151104 [KIS-2015-10] Piwik \u003c= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536839/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7816",
"datePublished": "2015-11-16T19:00:00",
"dateReserved": "2015-10-14T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1844 (GCVE-0-2013-1844)
Vulnerability from nvd – Published: 2013-03-21 21:00 – Updated: 2024-09-17 01:51
Summary
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/4"
},
{
"name": "http://piwik.org/blog/2013/03/piwik-1-11/",
"refsource": "CONFIRM",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1844",
"datePublished": "2013-03-21T21:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:34.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2633 (GCVE-0-2013-2633)
Vulnerability from nvd – Published: 2013-03-21 21:00 – Updated: 2024-09-16 17:53
Summary
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://piwik.org/blog/2013/03/piwik-1-11/",
"refsource": "CONFIRM",
"url": "http://piwik.org/blog/2013/03/piwik-1-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2633",
"datePublished": "2013-03-21T21:00:00Z",
"dateReserved": "2013-03-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:53:59.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4541 (GCVE-0-2012-4541)
Vulnerability from nvd – Published: 2012-11-19 11:00 – Updated: 2024-09-17 00:36
Summary
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-19T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://piwik.org/blog/2012/10/piwik-1-9/",
"refsource": "CONFIRM",
"url": "http://piwik.org/blog/2012/10/piwik-1-9/"
},
{
"name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/22/1"
},
{
"name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4541",
"datePublished": "2012-11-19T11:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T00:36:04.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}