Description

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-6561

Related Vulnerabilities

MySQL CVE-2017-3648 Vulnerability (CVE-2017-3648)

WordPress Plugin AVH Extended Categories Widgets Unspecified Vulnerability (4.0.2)

WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)

ownCloud Improper Access Control Vulnerability (CVE-2016-9468)

WordPress Plugin Youzify-BuddyPress Community, User Profile, Social Network & Membership for WordPress Cross-Site Scripting (1.2.1)

Severity

Medium

Classification

CVE-2012-6561 CWE-707

Tags

Missing Update Known Vulnerabilities