Vulnerabilities > Matomo > Matomo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2013-0195 | Cross-site Scripting vulnerability in Matomo Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2019-11-20 | CVE-2013-0194 | Cross-site Scripting vulnerability in Matomo Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2019-11-20 | CVE-2013-0193 | Cross-site Scripting vulnerability in Matomo Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2019-05-20 | CVE-2019-12215 | Information Exposure Through an Error Message vulnerability in Matomo 3.9.1 A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. | 4.3 |
| 2015-11-16 | CVE-2015-7816 | Unspecified vulnerability in Matomo The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. | 7.5 |
| 2015-11-16 | CVE-2015-7815 | Path Traversal vulnerability in Matomo Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | 7.5 |
| 2013-03-21 | CVE-2013-2633 | Improper Input Validation vulnerability in Matomo Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. | 5.0 |
| 2013-03-21 | CVE-2013-1844 | Cross-Site Scripting vulnerability in Matomo Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-11-19 | CVE-2012-4541 | Cross-Site Scripting vulnerability in Matomo Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-09-18 | CVE-2011-4941 | Unspecified vulnerability in Matomo Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors. network matomo | 6.8 |