Piwik < 2.16.0 Unspecified XSS
Medium Nessus Plugin ID 90537
SynopsisA web application hosted on the remote web server is affected by a cross-site scripting vulnerability.
DescriptionThe version of Piwik running on the remote host is prior to 2.16.0.
It is, therefore, affected by an unspecified cross-site scripting (XSS) vulnerability due to a failure to properly validate input before returning it to users. An unauthenticated, remote attacker can exploit this, via a crafted request, to execute arbitrary script code in a user's browser session.
SolutionUpgrade to Piwik version 2.16.0 or later. If necessary, remove any affected versions.