CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9405 – WP-Matomo Integration (WP-Piwik) < 1.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9405
13 Oct 2015 — The wp-piwik plugin before 1.0.5 for WordPress has XSS. El plugin wp-piwik versiones anteriores a 1.0.5 para WordPress, presenta una vulnerabilidad de tipo XSS. • https://github.com/braekling/WP-Matomo/commit/5110bfdb437a9f19b185ba8af33776fcb5e19940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5871
https://notcve.org/view.php?id=CVE-2014-5871
11 Sep 2014 — The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Piwik Mobile 2 (también conocido como org.piwik.mobile2) 2.0.1 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certifi... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 1CVE-2010-1453 – Piwik 0.5.5 - 'form_url' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-1453
07 May 2010 — Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el formulario de login en Piwik v0.1.6 hasta v0.5.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "form_url". • https://www.exploit-db.com/exploits/33814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •