A security issue and some vulnerabilities have been reported in Piwik, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting, script insertion, spoofing, and request forgery attacks.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed

3) The security issue is caused due to the application using the HTTP "X-Forwarded-For" header to determine a client's IP address, which can be exploited to spoof the address by sending a specially crafted request.

4) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into clicking a specially crafted link via clickjacking.

The security issue and the vulnerabilities are reported in versions prior to 1.1.

Solution
Update to version 1.1 or later.

Provided and/or discovered by
1 - 3) The vendor credits Stefan Esser, SektionEins.
4) The vendor credits Anthon Pang.

The vendor also credits Jarosław Sajko, Pentesters.pl and Fabian Becker.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Piwik:
http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/
http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/
http://dev.piwik.org/trac/ticket/567
http://dev.piwik.org/trac/ticket/1679

Deep Links
Links available to Secunia VIM customers