139 matches found
CVE-2022-33156
The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...
CVE-2022-33156
The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...
Cross site scripting
The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...
CVE-2022-33156
The matomointegration aka Matomo Integration extension before 1.3.2 for TYPO3 allows XSS...
CVE-2022-33156
The CVE-2022-33156 entry concerns the matomo_integration (TYPO3) extension, with vulnerable versions prior to 1.3.2. Concrete details from connected sources indicate: (1) vulnerability is Cross-Site Scripting (XSS) due to improper encoding of user input in HTML output, (2) exploitation generally ...
Malicious code in matomo-analytics-cloudflare-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 379cfcf198b8b35c36cafb16790478cac75d84f6f4c52217add6893135f41d02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4496 Malicious code in matomo-analytics-cloudflare-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 379cfcf198b8b35c36cafb16790478cac75d84f6f4c52217add6893135f41d02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-Site Scripting (XSS)
brotkrueml/typo3-matomo-integration is vulnerable to cross-site scripting. The vulnerability exists in convertStringValue function in MatomoMethodCall.php because the content from PSR-14 events are not properly escaped which allows an attackers to inject and execute arbitrary javascript...
GHSA-GVXV-P9RV-GMCG brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
PT-2022-21716 · Typo3 · Wp-Matomo Integration
Name of the Vulnerable Software and Affected Versions: matomo integration extension versions prior to 1.3.2 Description: The issue allows for XSS due to the extension's failure to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit this issue...
Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters...
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
The plugin does not have CSRF when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack PoC https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php=2...
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
The plugin does not have CSRF when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...
Docker Image Matomo Piwik Security Vulnerability
Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...
Matomo Analytics < 3.13.6 LDAP Plugin Vulnerability
Matomo Analytics before version 3.13.6 is prone to an unspecified vulnerability in the LDAP plugin. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Matomo Analytics < 3.13.4 XSS Vulnerability
Matomo Analytics before version 3.13.4 is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
Matomo Analytics < 3.13.1 SQL Injection Vulnerability
Matomo Analytics before version 3.13.1 is prone to an SQL injection vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Matomo Analytics < 3.9.0 XSS Vulnerability
Matomo Analytics before version 3.9.0 is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
Matomo Analytics < 3.12.0 Multiple Denial-of-Service Vulnerabilities
Matomo Analytics before version 3.12.0 is prone to multiple Denial-of-Service DoS vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...