Elgg

elgg

11 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-4072 1Elgg 1Elgg Nov 21, 2024 Dec 24, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3980 1Elgg 1Elgg Nov 21, 2024 Dec 3, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2021-3964 1Elgg 1Elgg Nov 21, 2024 Dec 1, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 elgg is vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2011-2936 1Elgg 1Elgg Nov 21, 2024 Nov 12, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Elgg through 1.7.10 has a SQL injection vulnerability
CVE-2011-2935 1Elgg 1Elgg Nov 21, 2024 Nov 12, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Elgg through 1.7.10 has XSS
CVE-2019-11016 1Elgg 1Elgg Nov 21, 2024 Apr 8, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
CVE-2013-0234 1Elgg 1Elgg Apr 29, 2026 Feb 2, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to ac...Show more Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.Show less
CVE-2012-6563 1Elgg 1Elgg Apr 29, 2026 May 23, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
CVE-2012-6562 1Elgg 1Elgg Apr 29, 2026 May 23, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
CVE-2012-6561 1Elgg 1Elgg Apr 29, 2026 May 23, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are o...Show more Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.Show less
CVE-2011-3733 1Elgg 1Elgg Apr 29, 2026 Sep 23, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php...Show more Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.Show less