elgg

Top products

The 11 most recently published vulnerabilities affecting elgg.

• CVE-2021-4072Cross-site Scripting (XSS) - Stored in elgg/elgg5.4Dec 24, 2021
• CVE-2021-3980Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg7.5Dec 3, 2021
• CVE-2021-3964Authorization Bypass Through User-Controlled Key in elgg/elgg5.9Dec 1, 2021
• CVE-2011-2936Elgg through 1.7.10 has a SQL injection vulnerability9.8Nov 12, 2019
• CVE-2011-2935Elgg through 1.7.10 has XSS6.1Nov 12, 2019
• CVE-2019-11016Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.6.1Apr 8, 2019
• CVE-2013-0234Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_us...4.3Feb 2, 2014
• CVE-2012-6563engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.4.3May 23, 2013
• CVE-2012-6562engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.6.8May 23, 2013
• CVE-2012-6561Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some...4.3May 23, 2013
• CVE-2011-3733Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletes...5.0Sep 23, 2011