Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Elgg through 1.7.10 has XSS
Advisories for Composer/Elgg/Elgg package
2022
2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exposure of Private Personal Information to an Unauthorized Actor
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Authorization Bypass Through User-Controlled Key
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
2019
URL Redirection to Untrusted Site (Open Redirect)
Elgg has an open redirect.