Vulnerabilities > Matomo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-33156 | Cross-site Scripting vulnerability in Matomo Integration. The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | 4.3 |
2020-12-08 | CVE-2020-29578 | Unspecified vulnerability in Matomo Piwik Fpm-Alpine Docker Image. The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. | 10.0 |
2019-11-20 | CVE-2013-0195 | Cross-site Scripting vulnerability in Matomo. Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2019-11-20 | CVE-2013-0194 | Cross-site Scripting vulnerability in Matomo. Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2019-11-20 | CVE-2013-0193 | Cross-site Scripting vulnerability in Matomo. Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2019-05-20 | CVE-2019-12215 | Information Exposure Through an Error Message vulnerability in Matomo 3.9.1. A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. | 4.3 |
2015-11-16 | CVE-2015-7816 | Unspecified vulnerability in Matomo. The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. | 7.5 |
2015-11-16 | CVE-2015-7815 | Path Traversal vulnerability in Matomo. Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | 7.5 |
2013-03-21 | CVE-2013-2633 | Improper Input Validation vulnerability in Matomo. Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. | 5.0 |
2013-03-21 | CVE-2013-1844 | Cross-site Scripting vulnerability in Matomo. Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |