Vulnerabilities > Matomo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-33156 | Cross-site Scripting vulnerability in Matomo Integration The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | 6.1 |
2020-12-08 | CVE-2020-29578 | Unspecified vulnerability in Matomo Piwik Fpm-Alpine Docker Image The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. | 9.8 |
2019-11-20 | CVE-2013-0195 | Cross-site Scripting vulnerability in Matomo Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-11-20 | CVE-2013-0194 | Cross-site Scripting vulnerability in Matomo Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-11-20 | CVE-2013-0193 | Cross-site Scripting vulnerability in Matomo Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-05-20 | CVE-2019-12215 | Information Exposure Through an Error Message vulnerability in Matomo 3.9.1 A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. | 4.3 |