Shodan
Vulnerabilities
Vulnerable Software
Matomo:  >> Matomo  >> 0.2.22  Security Vulnerabilities
CVE-2013-0193
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-11-20
CVE-2013-0194
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-11-20
CVE-2013-0195
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-11-20
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
CVSS Score
7.5
EPSS Score
0.004
Published
2015-11-16
CVE-2015-7815
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2015-11-16
CVE-2013-2633
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-03-21
CVE-2013-1844
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2013-03-21
CVE-2012-4541
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-11-19
CVE-2011-0004
Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.007
Published
2011-01-10
CVE-2011-0398
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.
CVSS Score
6.4
EPSS Score
0.003
Published
2011-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved