Filtered by vendor Elgg Subscriptions
Filtered by product Elgg Subscriptions
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-3733 1 Elgg 1 Elgg 2022-10-03 N/A
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
CVE-2021-4072 1 Elgg 1 Elgg 2022-01-03 5.4 Medium
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3980 1 Elgg 1 Elgg 2021-12-06 7.5 High
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2021-3964 1 Elgg 1 Elgg 2021-12-02 5.9 Medium
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2011-2935 1 Elgg 1 Elgg 2019-11-13 6.1 Medium
Elgg through 1.7.10 has XSS
CVE-2011-2936 1 Elgg 1 Elgg 2019-11-12 9.8 Critical
Elgg through 1.7.10 has a SQL injection vulnerability
CVE-2019-11016 1 Elgg 1 Elgg 2019-04-09 N/A
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
CVE-2012-6563 1 Elgg 1 Elgg 2017-08-29 N/A
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
CVE-2012-6562 1 Elgg 1 Elgg 2017-08-29 N/A
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
CVE-2012-6561 1 Elgg 1 Elgg 2017-08-29 N/A
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-0234 1 Elgg 1 Elgg 2014-02-21 N/A
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.