VYPR
Vendor

Elgg

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2011-2936CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.02

    Elgg through 1.7.10 has a SQL injection vulnerability

  • CVE-2021-3980HigDec 3, 2021
    risk 0.42cvss 7.5epss 0.02

    elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

  • CVE-2019-11016MedApr 8, 2019
    risk 0.40cvss 6.1epss 0.01

    Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.

  • CVE-2011-2935MedNov 12, 2019
    risk 0.33cvss 6.1epss 0.01

    Elgg through 1.7.10 has XSS

  • CVE-2021-3964MedDec 1, 2021
    risk 0.31cvss 5.9epss 0.01

    elgg is vulnerable to Authorization Bypass Through User-Controlled Key

  • CVE-2021-4072MedDec 24, 2021
    risk 0.28cvss 5.4epss 0.01

    elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CVE-2009-3149Sep 10, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2013-0234Feb 2, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.

  • CVE-2012-6563May 23, 2013
    risk 0.00cvss epss 0.01

    engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

  • CVE-2012-6562May 23, 2013
    risk 0.00cvss epss 0.01

    engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.

  • CVE-2012-6561May 23, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.

  • CVE-2011-3733Sep 23, 2011
    risk 0.00cvss epss 0.01

    Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.