Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities by Elgg
CVE-2021-4072 (GCVE-0-2021-4072)
Vulnerability from nvd – Published: 2021-12-24 13:25 – Updated: 2024-08-03 17:16
VLAI
Title
Cross-site Scripting (XSS) - Stored in elgg/elgg
Summary
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/74034253-732a-4251-a0f… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/c30b17bf75256… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-24T13:25:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0"
}
],
"source": {
"advisory": "74034253-732a-4251-a0f9-eca5f576c955",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4072",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.24"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955"
},
{
"name": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0"
}
]
},
"source": {
"advisory": "74034253-732a-4251-a0f9-eca5f576c955",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4072",
"datePublished": "2021-12-24T13:25:09.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:03.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3980 (GCVE-0-2021-3980)
Vulnerability from nvd – Published: 2021-12-03 15:05 – Updated: 2024-08-03 17:09
VLAI
Title
Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg
Summary
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Severity
5.3 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1f43f11e-4bd8-451f-a24… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/572d210e2392f… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T15:05:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126"
}
],
"source": {
"advisory": "1f43f11e-4bd8-451f-a244-dc9541cdc0ac",
"discovery": "EXTERNAL"
},
"title": "Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3980",
"STATE": "PUBLIC",
"TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.23"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac"
},
{
"name": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126"
}
]
},
"source": {
"advisory": "1f43f11e-4bd8-451f-a244-dc9541cdc0ac",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3980",
"datePublished": "2021-12-03T15:05:10.000Z",
"dateReserved": "2021-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3964 (GCVE-0-2021-3964)
Vulnerability from nvd – Published: 2021-12-01 11:25 – Updated: 2024-08-03 17:09
VLAI
Title
Authorization Bypass Through User-Controlled Key in elgg/elgg
Summary
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a4df45d6-b739-4299-967… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/d9fcad76ee380… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T11:25:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
],
"source": {
"advisory": "a4df45d6-b739-4299-967f-c960b569383a",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3964",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.22"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"name": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
]
},
"source": {
"advisory": "a4df45d6-b739-4299-967f-c960b569383a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3964",
"datePublished": "2021-12-01T11:25:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2936 (GCVE-0-2011-2936)
Vulnerability from nvd – Published: 2019-11-12 13:47 – Updated: 2024-08-06 23:15
VLAI
Summary
Elgg through 1.7.10 has a SQL injection vulnerability
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://oss-security.openwall.narkive.com/1UH3NYx… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2011-2936 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elgg",
"vendor": "Elgg",
"versions": [
{
"status": "affected",
"version": "through 1.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg through 1.7.10 has a SQL injection vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:47:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elgg",
"version": {
"version_data": [
{
"version_value": "through 1.7.10"
}
]
}
}
]
},
"vendor_name": "Elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg through 1.7.10 has a SQL injection vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
},
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
},
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2011-2936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2936",
"datePublished": "2019-11-12T13:47:57.000Z",
"dateReserved": "2011-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:31.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2935 (GCVE-0-2011-2935)
Vulnerability from nvd – Published: 2019-11-12 13:45 – Updated: 2024-08-06 23:15
VLAI
Summary
Elgg through 1.7.10 has XSS
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2011-2935 | vendor-advisoryx_refsource_REDHAT |
| https://oss-security.openwall.narkive.com/1UH3NYx… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elgg",
"vendor": "Elgg",
"versions": [
{
"status": "affected",
"version": "through 1.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg through 1.7.10 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:45:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elgg",
"version": {
"version_data": [
{
"version_value": "through 1.7.10"
}
]
}
}
]
},
"vendor_name": "Elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg through 1.7.10 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
},
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2011-2935"
},
{
"name": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2935",
"datePublished": "2019-11-12T13:45:01.000Z",
"dateReserved": "2011-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:32.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11016 (GCVE-0-2019-11016)
Vulnerability from nvd – Published: 2019-04-08 20:13 – Updated: 2024-08-04 22:40
VLAI
Summary
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://elgg.org/blog/view/2913744/security-relea… | x_refsource_MISC |
| https://github.com/Elgg/Elgg/releases/tag/1.12.18 | x_refsource_MISC |
| https://github.com/Elgg/Elgg/releases/tag/2.3.11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T20:13:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311",
"refsource": "MISC",
"url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311"
},
{
"name": "https://github.com/Elgg/Elgg/releases/tag/1.12.18",
"refsource": "MISC",
"url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18"
},
{
"name": "https://github.com/Elgg/Elgg/releases/tag/2.3.11",
"refsource": "MISC",
"url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11016",
"datePublished": "2019-04-08T20:13:25.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0234 (GCVE-0-2013-0234)
Vulnerability from nvd – Published: 2014-02-02 20:00 – Updated: 2024-08-06 14:18
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/cash/read/223/elgg-1… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/119903/Elgg-… | x_refsource_MISC |
| https://github.com/Elgg/Elgg/commit/a74a88501c41e… | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2013/Jan/251 | mailing-listx_refsource_FULLDISC |
| https://github.com/Elgg/Elgg/commit/19dc507c2fccb… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/01/29/4 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/52007 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/57569 | vdb-entryx_refsource_BID |
Date Public
2013-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21"
},
{
"name": "20130129 XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jan/251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11"
},
{
"name": "[oss-security] 20130128 Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/4"
},
{
"name": "52007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52007"
},
{
"name": "57569",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-02T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21"
},
{
"name": "20130129 XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jan/251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11"
},
{
"name": "[oss-security] 20130128 Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/4"
},
{
"name": "52007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52007"
},
{
"name": "57569",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717"
},
{
"name": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21",
"refsource": "CONFIRM",
"url": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21"
},
{
"name": "20130129 XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jan/251"
},
{
"name": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11",
"refsource": "CONFIRM",
"url": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11"
},
{
"name": "[oss-security] 20130128 Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/4"
},
{
"name": "52007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52007"
},
{
"name": "57569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0234",
"datePublished": "2014-02-02T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:18:09.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6563 (GCVE-0-2012-6563)
Vulnerability from nvd – Published: 2013-05-23 15:00 – Updated: 2024-08-06 21:36
VLAI
Summary
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/evan/read/209/elgg-1… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49129 | third-party-advisoryx_refsource_SECUNIA |
| http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53623 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6563",
"datePublished": "2013-05-23T15:00:00.000Z",
"dateReserved": "2013-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:01.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6562 (GCVE-0-2012-6562)
Vulnerability from nvd – Published: 2013-05-23 15:00 – Updated: 2024-08-06 21:36
VLAI
Summary
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/evan/read/209/elgg-1… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49129 | third-party-advisoryx_refsource_SECUNIA |
| http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53623 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:00.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6562",
"datePublished": "2013-05-23T15:00:00.000Z",
"dateReserved": "2013-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:00.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6561 (GCVE-0-2012-6561)
Vulnerability from nvd – Published: 2013-05-23 15:00 – Updated: 2024-08-06 21:36
VLAI
Summary
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/evan/read/209/elgg-1… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49129 | third-party-advisoryx_refsource_SECUNIA |
| http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53623 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:00.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6561",
"datePublished": "2013-05-23T15:00:00.000Z",
"dateReserved": "2013-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:00.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3733 (GCVE-0-2011-3733)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 21:07
VLAI
Summary
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3733",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:07:26.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4072 (GCVE-0-2021-4072)
Vulnerability from cvelistv5 – Published: 2021-12-24 13:25 – Updated: 2024-08-03 17:16
VLAI
Title
Cross-site Scripting (XSS) - Stored in elgg/elgg
Summary
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/74034253-732a-4251-a0f… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/c30b17bf75256… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-24T13:25:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0"
}
],
"source": {
"advisory": "74034253-732a-4251-a0f9-eca5f576c955",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4072",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.24"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955"
},
{
"name": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0"
}
]
},
"source": {
"advisory": "74034253-732a-4251-a0f9-eca5f576c955",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4072",
"datePublished": "2021-12-24T13:25:09.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:03.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3980 (GCVE-0-2021-3980)
Vulnerability from cvelistv5 – Published: 2021-12-03 15:05 – Updated: 2024-08-03 17:09
VLAI
Title
Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg
Summary
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Severity
5.3 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1f43f11e-4bd8-451f-a24… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/572d210e2392f… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T15:05:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126"
}
],
"source": {
"advisory": "1f43f11e-4bd8-451f-a244-dc9541cdc0ac",
"discovery": "EXTERNAL"
},
"title": "Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3980",
"STATE": "PUBLIC",
"TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.23"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac"
},
{
"name": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126"
}
]
},
"source": {
"advisory": "1f43f11e-4bd8-451f-a244-dc9541cdc0ac",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3980",
"datePublished": "2021-12-03T15:05:10.000Z",
"dateReserved": "2021-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3964 (GCVE-0-2021-3964)
Vulnerability from cvelistv5 – Published: 2021-12-01 11:25 – Updated: 2024-08-03 17:09
VLAI
Title
Authorization Bypass Through User-Controlled Key in elgg/elgg
Summary
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a4df45d6-b739-4299-967… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/d9fcad76ee380… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T11:25:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
],
"source": {
"advisory": "a4df45d6-b739-4299-967f-c960b569383a",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3964",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.22"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"name": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
]
},
"source": {
"advisory": "a4df45d6-b739-4299-967f-c960b569383a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3964",
"datePublished": "2021-12-01T11:25:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2936 (GCVE-0-2011-2936)
Vulnerability from cvelistv5 – Published: 2019-11-12 13:47 – Updated: 2024-08-06 23:15
VLAI
Summary
Elgg through 1.7.10 has a SQL injection vulnerability
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://oss-security.openwall.narkive.com/1UH3NYx… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2011-2936 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elgg",
"vendor": "Elgg",
"versions": [
{
"status": "affected",
"version": "through 1.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg through 1.7.10 has a SQL injection vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:47:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elgg",
"version": {
"version_data": [
{
"version_value": "through 1.7.10"
}
]
}
}
]
},
"vendor_name": "Elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg through 1.7.10 has a SQL injection vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
},
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
},
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2011-2936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2936",
"datePublished": "2019-11-12T13:47:57.000Z",
"dateReserved": "2011-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:31.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2935 (GCVE-0-2011-2935)
Vulnerability from cvelistv5 – Published: 2019-11-12 13:45 – Updated: 2024-08-06 23:15
VLAI
Summary
Elgg through 1.7.10 has XSS
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2011-2935 | vendor-advisoryx_refsource_REDHAT |
| https://oss-security.openwall.narkive.com/1UH3NYx… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elgg",
"vendor": "Elgg",
"versions": [
{
"status": "affected",
"version": "through 1.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg through 1.7.10 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:45:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elgg",
"version": {
"version_data": [
{
"version_value": "through 1.7.10"
}
]
}
}
]
},
"vendor_name": "Elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg through 1.7.10 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
},
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2011-2935"
},
{
"name": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2935",
"datePublished": "2019-11-12T13:45:01.000Z",
"dateReserved": "2011-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:32.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11016 (GCVE-0-2019-11016)
Vulnerability from cvelistv5 – Published: 2019-04-08 20:13 – Updated: 2024-08-04 22:40
VLAI
Summary
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://elgg.org/blog/view/2913744/security-relea… | x_refsource_MISC |
| https://github.com/Elgg/Elgg/releases/tag/1.12.18 | x_refsource_MISC |
| https://github.com/Elgg/Elgg/releases/tag/2.3.11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T20:13:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311",
"refsource": "MISC",
"url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311"
},
{
"name": "https://github.com/Elgg/Elgg/releases/tag/1.12.18",
"refsource": "MISC",
"url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18"
},
{
"name": "https://github.com/Elgg/Elgg/releases/tag/2.3.11",
"refsource": "MISC",
"url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11016",
"datePublished": "2019-04-08T20:13:25.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0234 (GCVE-0-2013-0234)
Vulnerability from cvelistv5 – Published: 2014-02-02 20:00 – Updated: 2024-08-06 14:18
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/cash/read/223/elgg-1… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/119903/Elgg-… | x_refsource_MISC |
| https://github.com/Elgg/Elgg/commit/a74a88501c41e… | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2013/Jan/251 | mailing-listx_refsource_FULLDISC |
| https://github.com/Elgg/Elgg/commit/19dc507c2fccb… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/01/29/4 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/52007 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/57569 | vdb-entryx_refsource_BID |
Date Public
2013-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21"
},
{
"name": "20130129 XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jan/251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11"
},
{
"name": "[oss-security] 20130128 Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/4"
},
{
"name": "52007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52007"
},
{
"name": "57569",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-02T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21"
},
{
"name": "20130129 XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jan/251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11"
},
{
"name": "[oss-security] 20130128 Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/4"
},
{
"name": "52007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52007"
},
{
"name": "57569",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/cash/read/223/elgg-1813-and-1717"
},
{
"name": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/119903/Elgg-Twitter-Widget-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21",
"refsource": "CONFIRM",
"url": "https://github.com/Elgg/Elgg/commit/a74a88501c41e89c8bcd7fc650ae2f8cc0a5003d#L2L21"
},
{
"name": "20130129 XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jan/251"
},
{
"name": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11",
"refsource": "CONFIRM",
"url": "https://github.com/Elgg/Elgg/commit/19dc507c2fccb378be2a44a762edf6c1e7afa334#L0R11"
},
{
"name": "[oss-security] 20130128 Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module \"Twitter widget\")",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/4"
},
{
"name": "52007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52007"
},
{
"name": "57569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0234",
"datePublished": "2014-02-02T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:18:09.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6561 (GCVE-0-2012-6561)
Vulnerability from cvelistv5 – Published: 2013-05-23 15:00 – Updated: 2024-08-06 21:36
VLAI
Summary
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/evan/read/209/elgg-1… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49129 | third-party-advisoryx_refsource_SECUNIA |
| http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53623 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:00.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6561",
"datePublished": "2013-05-23T15:00:00.000Z",
"dateReserved": "2013-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:00.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6563 (GCVE-0-2012-6563)
Vulnerability from cvelistv5 – Published: 2013-05-23 15:00 – Updated: 2024-08-06 21:36
VLAI
Summary
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/evan/read/209/elgg-1… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49129 | third-party-advisoryx_refsource_SECUNIA |
| http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53623 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6563",
"datePublished": "2013-05-23T15:00:00.000Z",
"dateReserved": "2013-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:01.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6562 (GCVE-0-2012-6562)
Vulnerability from cvelistv5 – Published: 2013-05-23 15:00 – Updated: 2024-08-06 21:36
VLAI
Summary
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.elgg.org/pg/blog/evan/read/209/elgg-1… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49129 | third-party-advisoryx_refsource_SECUNIA |
| http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53623 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:00.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6562",
"datePublished": "2013-05-23T15:00:00.000Z",
"dateReserved": "2013-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:00.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3733 (GCVE-0-2011-3733)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 21:07
VLAI
Summary
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/elgg-1.7.6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3733",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:07:26.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}