Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Elgg
(Elgg)| Repositories | https://github.com/Elgg/Elgg |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-24 | CVE-2021-4072 | elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Elgg | 5.4 | ||
| 2021-12-03 | CVE-2021-3980 | elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | Elgg | 7.5 | ||
| 2021-12-01 | CVE-2021-3964 | elgg is vulnerable to Authorization Bypass Through User-Controlled Key | Elgg | 5.9 | ||
| 2019-11-12 | CVE-2011-2935 | Elgg through 1.7.10 has XSS | Elgg | N/A | ||
| 2019-11-12 | CVE-2011-2936 | Elgg through 1.7.10 has a SQL injection vulnerability | Elgg | N/A | ||
| 2019-04-08 | CVE-2019-11016 | Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | Elgg | 6.1 | ||
| 2014-02-02 | CVE-2013-0234 | Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save. | Elgg | N/A | ||
| 2013-05-23 | CVE-2012-6563 | engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | Elgg | N/A | ||
| 2013-05-23 | CVE-2012-6562 | engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | Elgg | N/A | ||
| 2013-05-23 | CVE-2012-6561 | Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information. | Elgg | N/A |