CVE Tools

matomo

Enterprise Softwarecommercial

19

Cumulative CVEs

10

Monthly snapshots

#27

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting matomo.

CVE-2025-4415Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-0584.8May 21, 2025
CVE-2023-6923Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite6.1Feb 20, 2024
CVE-2022-33156The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS.6.1Jul 12, 2022
CVE-2020-29578The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker i...9.8Dec 8, 2020
CVE-2013-0195Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 ...6.1Nov 20, 2019
CVE-2013-0194Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 ...6.1Nov 20, 2019
CVE-2013-0193Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 ...6.1Nov 20, 2019
CVE-2019-12215A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in p...4.3May 20, 2019
CVE-2015-7816The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF...7.5Nov 16, 2015
CVE-2015-7815Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.7.5Nov 16, 2015
CVE-2013-2633Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of p...5.0Mar 21, 2013
CVE-2013-1844Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Mar 21, 2013
CVE-2012-4541Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Nov 19, 2012
CVE-2011-4941Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors.6.8Sep 18, 2012
CVE-2011-3791Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/...5.0Sep 24, 2011