Matomo

Matomo

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-38766

  • EPSS 0.16%
  • Veröffentlicht 02.01.2025 12:15:23
  • Zuletzt bearbeitet 02.01.2025 12:15:23

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1.

6.1

CVE-2023-6923

  • EPSS 2.53%
  • Veröffentlicht 29.02.2024 01:42:49
  • Zuletzt bearbeitet 01.04.2025 15:25:41

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output esca...

6.1

CVE-2013-0195

  • EPSS 0.47%
  • Veröffentlicht 20.11.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 01:47:02

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.

6.1

CVE-2013-0194

  • EPSS 0.47%
  • Veröffentlicht 20.11.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 01:47:02

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.

6.1

CVE-2013-0193

  • EPSS 0.47%
  • Veröffentlicht 20.11.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 01:47:02

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.

4.3

CVE-2019-12215

Exploit
  • EPSS 0.21%
  • Veröffentlicht 20.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:22:26

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE...

7.5

CVE-2015-7816

Exploit
  • EPSS 0.42%
  • Veröffentlicht 16.11.2015 19:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a craft...

7.5

CVE-2015-7815

Exploit
  • EPSS 1.35%
  • Veröffentlicht 16.11.2015 19:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.

5

CVE-2013-2633

  • EPSS 0.26%
  • Veröffentlicht 21.03.2013 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

4.3

CVE-2013-1844

  • EPSS 0.23%
  • Veröffentlicht 21.03.2013 21:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.