5 matches found
CVE-2010-1453
Cross-site scripting XSS vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the formurl parameter...
FreeBSD Ports: piwik
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Piwik < 0.6 form_url参数跨站脚本漏洞
BugCVE: CVE-2010-1453 BUGTRAQ: 39144 Piwik是一款利用Php+MySQL技术构建的开源网页访问统计系统。 Piwik没有正确地过滤提交给index.php页面的formurl参数便返回给了用户,攻击者诱骗用户跟随恶意的登录URL链接就可以执行反射式跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 Piwik 0.6 厂商补丁: Piwik ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://piwik.org/latest.zip...
CVE-2010-1453
Cross-site scripting XSS vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the formurl parameter...
CVE-2010-1453
The CVE-2010-1453 issue affects Piwik up to v0.5.5, where the Login form did not properly filter the form_url parameter, enabling reflected XSS. Affected versions include 0.1.6 through 0.5.5; exploitation allows remote injection of arbitrary script/HTML via form_url. Several connected sources (Re...