Lucene search
K

139 matches found

OSV
OSV
added 2022/07/12 11:15 p.m.5 views

CVE-2022-33156

The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...

6.1CVSS5.8AI score0.00541EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/12 11:15 p.m.5 views

CVE-2022-33156

The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...

6.1CVSS5.8AI score0.00541EPSS
Exploits0References4
Prion
Prion
added 2022/07/12 11:15 p.m.15 views

Cross site scripting

The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...

4.3CVSS6.3AI score0.00541EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/12 10:45 p.m.23 views

CVE-2022-33156

The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...

6.5AI score0.00541EPSS
Exploits0References1
CVE
CVE
added 2022/07/12 10:45 p.m.106 views

CVE-2022-33156

The CVE-2022-33156 entry concerns the matomo_integration (TYPO3) extension, with vulnerable versions prior to 1.3.2. Concrete details from connected sources indicate: (1) vulnerability is Cross-Site Scripting (XSS) due to improper encoding of user input in HTML output, (2) exploitation generally ...

6.1CVSS6.2AI score0.00541EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.2 views

Malicious code in matomo-analytics-cloudflare-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 379cfcf198b8b35c36cafb16790478cac75d84f6f4c52217add6893135f41d02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:26 p.m.6 views

MAL-2022-4496 Malicious code in matomo-analytics-cloudflare-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 379cfcf198b8b35c36cafb16790478cac75d84f6f4c52217add6893135f41d02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veracode
Veracode
added 2022/06/20 12:10 p.m.18 views

Cross-Site Scripting (XSS)

brotkrueml/typo3-matomo-integration is vulnerable to cross-site scripting. The vulnerability exists in convertStringValue function in MatomoMethodCall.php because the content from PSR-14 events are not properly escaped which allows an attackers to inject and execute arbitrary javascript...

6.1CVSS6.2AI score0.00541EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/17 9:46 p.m.48 views

GHSA-GVXV-P9RV-GMCG brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

6.1CVSS6.1AI score0.00541EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/06/17 9:46 p.m.38 views

brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

6.1CVSS6.1AI score0.00541EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/17 12:0 a.m.3 views

PT-2022-21716 · Typo3 · Wp-Matomo Integration

Name of the Vulnerable Software and Affected Versions: matomo integration extension versions prior to 1.3.2 Description: The issue allows for XSS due to the extension's failure to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit this issue...

6.1CVSS5.9AI score0.00541EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/13 1:30 a.m.12 views

Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters...

5CVSS6.3AI score0.00993EPSS
Exploits0References3Affected Software2
WPVulnDB
WPVulnDB
added 2022/02/14 12:0 a.m.14 views

WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF

The plugin does not have CSRF when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack PoC https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php=2...

6.7AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.135 views

WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF

The plugin does not have CSRF when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...

6.8AI score
Exploits0References1
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Docker Image Matomo Piwik Security Vulnerability

Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...

10CVSS7.3AI score0.02247EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/06/08 12:0 a.m.23 views

Matomo Analytics < 3.13.6 LDAP Plugin Vulnerability

Matomo Analytics before version 3.13.6 is prone to an unspecified vulnerability in the LDAP plugin. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/03/27 12:0 a.m.37 views

Matomo Analytics < 3.13.4 XSS Vulnerability

Matomo Analytics before version 3.13.4 is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...

6.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/01/18 12:0 a.m.212 views

Matomo Analytics < 3.13.1 SQL Injection Vulnerability

Matomo Analytics before version 3.13.1 is prone to an SQL injection vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/01/13 12:0 a.m.49 views

Matomo Analytics < 3.9.0 XSS Vulnerability

Matomo Analytics before version 3.9.0 is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...

6.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/01/13 12:0 a.m.39 views

Matomo Analytics < 3.12.0 Multiple Denial-of-Service Vulnerabilities

Matomo Analytics before version 3.12.0 is prone to multiple Denial-of-Service DoS vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.3AI score
Exploits0References1
Rows per page
Query Builder