Elgg » Elgg » 1.7.6 : Security Vulnerabilities
CPE Name: cpe:/a:elgg:elgg:1.7.6
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-11016 | 601 | | | 2019-04-08 | 2019-04-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. |
| 2 | CVE-2013-0234 | 79 | | XSS | 2014-02-02 | 2014-02-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save. |
| 3 | CVE-2012-6563 | 264 | | | 2013-05-23 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. |
| 4 | CVE-2012-6562 | 264 | | | 2013-05-23 | 2017-08-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. |
| 5 | CVE-2012-6561 | 79 | | XSS | 2013-05-23 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 6 | CVE-2011-3733 | 200 | | +Info | 2011-09-23 | 2012-03-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files. |
Total number of vulnerabilities: 6