=====================================================================
                                   CERT-Renater

                        Information Note No. 2011/VULN012
_____________________________________________________________________

DATE                      : 07/01/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Piwik versions prior to 1.1.

======================================================================
http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
______________________________________________________________________

Multiple XSS vulnerabilities are fixed by the Piwik 1.1 release.

Description:

Piwik versions prior to 1.1 are vulnerable to multiple XSS vulnerabilities,
both persistent and reflected.

This security update is rated critical, and Piwik users are strongly
encouraged to update to the latest version of Piwik.

The Piwik project and community thank Stefan Esser of SektionEins for
leading the software security audit. The Piwik project also appreciates
the coordinated disclosures from Jarosław Sajko of Pentesters.pl, and
Piwik contributor, Fabian Becker.

References:

    * CVE-2011-004

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================

