Labels: Bug, Critical
While [fixed the issue (by validating/filtering/escaping form_url), 2047 is a better solution -- it eliminates form_url entirely as a parameter/hidden form field.
I've drafted a blog entry for the security advisory and will request a CVE later for the 0.6 release.
I saw on Twitter a Piwik XSS tweet pointing to http://packetstormsecurity.org/1003-exploits/piwik-xss.txt
We should fix it and check other variables to ensure there is no XSS left.
I re-enabled the sensitive ticket plugin for this one, and set it to sensitive, which seems to work.