Vulnerabilities > Elgg
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-24 | CVE-2021-4072 | Cross-site Scripting vulnerability in Elgg. elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
2021-12-03 | CVE-2021-3980 | Privacy Violation vulnerability in Elgg. elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | 5.0 |
2021-12-01 | CVE-2021-3964 | Authorization Bypass Through User-Controlled Key vulnerability in Elgg. elgg is vulnerable to Authorization Bypass Through User-Controlled Key | 4.3 |
2019-11-12 | CVE-2011-2936 | SQL Injection vulnerability in Elgg. Elgg through 1.7.10 has a SQL injection vulnerability | 7.5 |
2019-11-12 | CVE-2011-2935 | Cross-site Scripting vulnerability in Elgg. Elgg through 1.7.10 has XSS | 4.3 |
2019-04-08 | CVE-2019-11016 | Open Redirect vulnerability in Elgg. Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | 5.8 |
2014-02-02 | CVE-2013-0234 | Cross-Site Scripting vulnerability in Elgg. Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save. | 4.3 |
2013-05-23 | CVE-2012-6563 | Permissions, Privileges, and Access Controls vulnerability in Elgg. engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | 4.3 |
2013-05-23 | CVE-2012-6562 | Permissions, Privileges, and Access Controls vulnerability in Elgg. engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | 6.8 |
2013-05-23 | CVE-2012-6561 | Cross-Site Scripting vulnerability in Elgg. Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. | 4.3 |