Moderate severityNVD Advisory· Published Nov 12, 2019· Updated Aug 6, 2024

CVE-2011-2935

Description

Elgg through 1.7.10 has XSS

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
elgg/elggPackagist	< 1.7.11	1.7.11

Affected products

Elgg/Elggv5
Range: through 1.7.10

Patches

2843b4f84687

html encoding internalname for embed modal to prevent XSS vector.

https://github.com/Elgg/ElggBrett ProfittAug 5, 2011via ghsa

commit

1 file changed · +1 −0

mod/embed/embed.php+1 −0 modified

@@ -5,6 +5,7 @@
 		
 	// Get the name of the form field we need to inject into
 		$internalname = get_input('internalname');
+		$internalname = htmlentities($internalname);
 		
 		if (!isloggedin()) exit;

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/security/cve/cve-2011-2935mitrevendor-advisoryx_refsource_REDHAT
github.com/advisories/GHSA-mcfm-j5g6-w26fghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2011-2935ghsaADVISORY
security-tracker.debian.org/tracker/CVE-2011-2935ghsavendor-advisoryx_refsource_DEBIANWEB
yehg.net/lab/pr0js/advisories/[elgg_1710]_xss_sqlinghsaWEB
github.com/Elgg/Elgg/commit/2843b4f846874d434a2403ac1f27e41035b45e04ghsaWEB
github.com/Elgg/Elgg/issues/3544ghsaWEB
oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilitiesghsax_refsource_MISCWEB
web.archive.org/web/20110907122607/http://blog.elgg.org/pg/blog/brett/read/189/elgg-1711-releasedghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000