FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

piwik -- cross site scripting vulnerability

Affected packages
piwik <= 0.5.5

Details

VuXML ID c0869649-5a0c-11df-942d-0015587e2cc1
Discovery 2010-04-15
Entry 2010-05-07

The Piwik security advisory reports:

A non-persistent, cross-site scripting vulnerability (XSS) was found in Piwik's Login form that reflected the form_url parameter without being properly escaped or filtered.

References

CVE Name CVE-2010-1453
URL http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/