Vulnerabilities > Matomo

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-33156 Cross-site Scripting vulnerability in Matomo Integration
The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS.
network
low complexity
matomo CWE-79
6.1
2020-12-08 CVE-2020-29578 Unspecified vulnerability in Matomo Piwik Fpm-Alpine Docker Image
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
matomo
critical
9.8
2019-11-20 CVE-2013-0195 Cross-site Scripting vulnerability in Matomo
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
matomo CWE-79
6.1
2019-11-20 CVE-2013-0194 Cross-site Scripting vulnerability in Matomo
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
matomo CWE-79
6.1
2019-11-20 CVE-2013-0193 Cross-site Scripting vulnerability in Matomo
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
matomo CWE-79
6.1
2019-05-20 CVE-2019-12215 Information Exposure Through an Error Message vulnerability in Matomo 3.9.1
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig.
network
low complexity
matomo CWE-209
4.3