Skip to main content

Elgg

8 CVEs product

Monthly

CVE-2021-4072 PHP MEDIUM POC PATCH This Month

elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Elgg
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3980 PHP HIGH POC PATCH This Week

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3964 PHP MEDIUM POC PATCH This Month

elgg is vulnerable to Authorization Bypass Through User-Controlled Key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2019-11016 PHP MEDIUM PATCH This Month

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elgg
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2013-0234 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Elgg
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6563 MEDIUM PATCH This Month

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP Privilege Escalation Elgg
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6562 MEDIUM PATCH This Month

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

PHP Privilege Escalation Elgg
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-6561 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Elgg
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Elgg
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

elgg is vulnerable to Authorization Bypass Through User-Controlled Key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elgg
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Elgg
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP Privilege Escalation Elgg
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

PHP Privilege Escalation Elgg
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Elgg
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy