Vulnerabilities > Matomo > Matomo > 0.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-01-10 | CVE-2011-0399 | Multiple Security vulnerability in Piwik Prior to 1.1 Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. network matomo | 4.3 |
2011-01-10 | CVE-2011-0398 | Permissions, Privileges, and Access Controls vulnerability in Matomo The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | 6.4 |
2011-01-10 | CVE-2011-0004 | Cross-Site Scripting vulnerability in Matomo Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-05-07 | CVE-2010-1453 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter. | 4.3 |