Description

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-6561

Related Vulnerabilities

Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)

WordPress Improper Authentication Vulnerability (CVE-2022-43504)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)

Severity

Medium

Classification

CVE-2012-6561 CWE-707

Tags

Missing Update Known Vulnerabilities