CVEDB API

Vulnerabilities

Vulnerable Software

Matomo: >> Matomo >> 1.5.1 Security Vulnerabilities

CVE-2013-0193

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.

CVSS Score

6.1

EPSS Score

0.005

Published

2019-11-20

CVE-2013-0194

CVSS Score

6.1

EPSS Score

0.005

Published

2019-11-20

CVE-2013-0195

CVSS Score

6.1

EPSS Score

0.005

Published

2019-11-20

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.

CVSS Score

7.5

EPSS Score

0.004

Published

2015-11-16

CVE-2015-7815

Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.

CVSS Score

7.5

EPSS Score

0.008

Published

2015-11-16

CVE-2013-2633

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

CVSS Score

5.0

EPSS Score

0.003

Published

2013-03-21

CVE-2013-1844

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.002

Published

2013-03-21

CVE-2012-4541

Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.003

Published

2012-11-19

Page 1

Vulnerabilities

Vulnerable Software

Matomo: >> Matomo >> 1.5.1 Security Vulnerabilities

Products

Pricing

Contact Us