Piwik : Security Vulnerabilities, CVEs,
The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS
5.4
EPSS Score
0.05%
Published
2014-09-11
Updated
2014-09-22
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.
Max CVSS
4.3
EPSS Score
0.42%
Published
2010-05-07
Updated
2019-11-21
2 vulnerabilities found