Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVSS Score
4.3
EPSS Score
0.004
Published
2011-01-10
Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS Score
5.0
EPSS Score
0.004
Published
2011-01-10
Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions.
CVSS Score
5.0
EPSS Score
0.012
Published
2011-01-10
Page 2