A Piwik XSS vulnerability is fixed by the latest Piwik 0.6 release. The advisory is published here: http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
Description: A non-persistent, cross-site scripting vulnerability (XSS) was found in Piwik's Login form that reflected the form_url parameter without being properly escaped or filtered. To exploit this vulnerability, the attacker tricks a Piwik user into visiting a Login URL crafted by...

Cheers,
Alexandro Silva
_______________________________________________
gnome-infrastructure mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
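The two defences the advisory names for the reflected form_url value, filtering and escaping, shown in PHP as an added example. This is not Piwik's code or part of the original message; the function names, the hidden-field placement and the host piwik.example are assumptions.

```php
<?php
// Added example, not Piwik's code. Function names, the hidden-field layout
// and the host name are assumptions made for illustration.

// Filter: accept only a relative path or an http(s) URL on our own host.
function safe_form_url(string $raw, string $ownHost, string $fallback = 'index.php'): string
{
    // Reject empty input, control characters and backslashes.
    if ($raw === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $raw)) {
        return $fallback;
    }
    $parts = parse_url($raw);
    if ($parts === false) {
        return $fallback;
    }
    // Any scheme or host (including protocol-relative "//host") must be ours.
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = strtolower($parts['scheme'] ?? '');
        $host   = strtolower($parts['host'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true) || $host !== strtolower($ownHost)) {
            return $fallback;
        }
    }
    return $raw;
}

// Escape: encode the value for an HTML attribute at the point of output.
function render_form_url_field(string $rawFormUrl, string $ownHost): string
{
    $url  = safe_form_url($rawFormUrl, $ownHost);
    $attr = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="form_url" value="' . $attr . '">';
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'index.php?period=day&date=today',   // legitimate relative URL
    '"><b>markup</b>',                   // tries to break out of the attribute
    '//other.example/landing',           // protocol-relative, foreign host
];

foreach ($samples as $raw) {
    echo render_form_url_field($raw, 'piwik.example'), "\n";
}
```

The second sample passes the URL filter as a relative path, so the attribute escaping at output is what keeps it inert; the filter alone is not sufficient.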
