Vulnerabilities (CVE)

Filtered by vendor Elgg Subscribe
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-4072 1 Elgg 1 Elgg 2024-11-21 3.5 LOW 5.4 MEDIUM
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3980 1 Elgg 1 Elgg 2024-11-21 5.0 MEDIUM 7.5 HIGH
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2021-3964 1 Elgg 1 Elgg 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2019-11016 1 Elgg 1 Elgg 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
CVE-2013-0234 1 Elgg 1 Elgg 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
CVE-2012-6563 1 Elgg 1 Elgg 2024-11-21 4.3 MEDIUM N/A
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
CVE-2012-6562 1 Elgg 1 Elgg 2024-11-21 6.8 MEDIUM N/A
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
CVE-2012-6561 1 Elgg 1 Elgg 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-3733 1 Elgg 1 Elgg 2024-11-21 5.0 MEDIUM N/A
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
CVE-2011-2936 1 Elgg 1 Elgg 2024-11-21 7.5 HIGH 9.8 CRITICAL
Elgg through 1.7.10 has a SQL injection vulnerability
CVE-2011-2935 1 Elgg 1 Elgg 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Elgg through 1.7.10 has XSS