Robocoder

#26968 of 53,608
9.3 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2011-2320
4.3
2011-01-10
Piwik · Piwik · CVE-2011-0399
**Name of the Vulnerable Software and Affected Versions**

Piwik versions prior to 1.1

**Description**

Piwik does not prevent its login form from being rendered inside a frame in a third-party HTML document. This makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

**Recommendations**

For versions prior to 1.1, update to version 1.1 or later, which prevents the login form from being rendered inside a frame in a third-party HTML document and mitigates the risk of clickjacking attacks.
PT-2011-2321
5.0
2011-01-10
Piwik · Piwik · CVE-2011-0400
**Name of the Vulnerable Software and Affected Versions**

Piwik versions prior to 1.1

**Description**

Piwik does not set the secure flag for the session cookie in an HTTPS session. This allows remote attackers to capture the cookie by intercepting its transmission within an HTTP session.

**Recommendations**

For versions prior to 1.1, update to version 1.1 or later, which sets the secure flag for the session cookie in an HTTPS session.