elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
9.0
EPSS Score
0.003
Published
2021-12-24
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVSS Score
5.3
EPSS Score
0.006
Published
2021-12-03
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-01
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-08
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-02-02