RSS   Vulnerabilities for 'ELGG'   RSS

2021-12-03
 
CVE-2021-3980

CWE-359
 
 
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

 
2021-12-01
 
CVE-2021-3964

CWE-639
 
 
elgg is vulnerable to Authorization Bypass Through User-Controlled Key

 
2019-11-12
 
CVE-2011-2936

CWE-89
 
 
Elgg through 1.7.10 has a SQL injection vulnerability

 
 
CVE-2011-2935

CWE-79
 
 
Elgg through 1.7.10 has XSS

 
2019-04-08
 
CVE-2019-11016

 
 
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.

 
2014-02-02
 
CVE-2013-0234

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.

 
2013-05-23
 
CVE-2012-6563

CWE-264
 
 
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

 
 
CVE-2012-6562

CWE-264
 
 
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.

 
 
CVE-2012-6561

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.

 
2011-09-23
 
CVE-2011-3733

CWE-200
 
 
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.

 

Copyright 2024, cxsecurity.com

 

Back to Top