On Thu, May 6, 2010 at 4:08 AM, Alexandro Silva <[email protected]> wrote: > A Piwik XSS vulnerability is fixed by the latest Piwik 0.6 release. The > advisory is published here: > http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/ > > Description: > > A non-persistent, cross-site scripting vulnerability (XSS) was found in > Piwik's Login form that reflected the form_url parameter without being > properly escaped or filtered. To exploit this vulnerability, the attacker > tricks a Piwik user into visiting a Login URL crafted by... > > Cheers, > > Alexandro Silva
Are you going to upgrade it or should someone else in the team take care of this? -- Jeff Schroeder Don't drink and derive, alcohol and analysis don't mix. http://www.digitalprognosis.com _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
