Vulnerabilities > Matomo > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2022-07-12 | CVE-2022-33156 | Cross-site Scripting vulnerability in Matomo Integration | The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | network; matomo; CWE-79 | 4.3 |
| 2019-11-20 | CVE-2013-0195 | Cross-site Scripting vulnerability in Matomo | Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; matomo; CWE-79 | 4.3 |
| 2019-11-20 | CVE-2013-0194 | Cross-site Scripting vulnerability in Matomo | Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; matomo; CWE-79 | 4.3 |
| 2019-11-20 | CVE-2013-0193 | Cross-site Scripting vulnerability in Matomo | Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; matomo; CWE-79 | 4.3 |
| 2019-05-20 | CVE-2019-12215 | Information Exposure Through an Error Message vulnerability in Matomo 3.9.1 | A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. | network; low complexity; matomo; CWE-209 | 4.3 |
| 2013-03-21 | CVE-2013-2633 | Improper Input Validation vulnerability in Matomo | Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. | network; low complexity; matomo; CWE-20 | 5.0 |
| 2013-03-21 | CVE-2013-1844 | Cross-Site Scripting vulnerability in Matomo | Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; matomo; CWE-79 | 4.3 |
| 2012-11-19 | CVE-2012-4541 | Cross-Site Scripting vulnerability in Matomo | Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; matomo; CWE-79 | 4.3 |
| 2012-09-18 | CVE-2011-4941 | Unspecified vulnerability in Matomo | Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors. | network; matomo | 6.8 |
| 2011-09-24 | CVE-2011-3791 | Information Exposure vulnerability in Matomo 1.1 | Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. | network; low complexity; matomo; CWE-200 | 5.0 |