{"id":2837,"date":"2024-02-07T21:16:28","date_gmt":"2024-02-07T21:16:28","guid":{"rendered":"http:\/\/127.0.0.1\/matomo-4-15-3-reflected-cross-site-scripting-a-traves-de-idsite\/"},"modified":"2024-02-07T21:16:28","modified_gmt":"2024-02-07T21:16:28","slug":"matomo-4-15-3-reflected-cross-site-scripting-a-traves-de-idsite","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/matomo-4-15-3-reflected-cross-site-scripting-a-traves-de-idsite\/","title":{"rendered":"Matomo <= 4.15.3 – Reflected Cross-Site Scripting via idsite"},"content":{"rendered":"
This article reports a security vulnerability in the Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress. The plugin is vulnerable to a type of attack known as Reflected Cross-Site Scripting, which allows attackers to inject malicious code into web pages and execute it in users' browsers.<\/div>\n

<\/p>\n

The vulnerability lies in the plugin's handling of the idsite parameter. Due to insufficient input sanitization and output escaping, unauthenticated attackers can exploit this to inject arbitrary web scripts into pages, which execute when users perform certain actions, such as clicking a link.<\/p>\n

To remediate this issue, users are advised to update the Matomo Analytics plugin to the latest available version. It is also suggested to follow good security practices, such as avoiding clicking on suspicious or untrusted links and keeping software and plugins updated regularly.<\/p><\/div>\n

The Reflected Cross-Site Scripting vulnerability in the Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress can be exploited by attackers to compromise the security of the websites that use it. It is important that users take preventive measures, such as keeping software up to date and following good online security practices, to protect themselves against this type of attack.<\/div>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[552],"class_list":["post-2837","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2023-6923"],"yoast_head_json":{"og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-07T21:16:28+00:00"},"amp_enabled":true}