CVE-2019-11016

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect...

EUVD-2012-6409

Malware in sbrugna...

EUVD-2011-3691

Malware in sbrugna...

EUVD-2009-3132

Malware in sbrugna...

EUVD-2013-0267

Malware in sbrugna...

EUVD-2011-2904

Malware in sbrugna...

EUVD-2021-2535

Malware in sbrugna...

EUVD-2021-2525

Malware in sbrugna...

EUVD-2012-6408

Malware in sbrugna...

EUVD-2012-6410

Malware in sbrugna...

EUVD-2022-1783

Malicious code in bioql PyPI...

EUVD-2022-0429

Malicious code in bioql PyPI...

EUVD-2022-5116

Malicious code in bioql PyPI...

CVE-2021-3980

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor...

CVE-2021-3964

elgg is vulnerable to Authorization Bypass Through User-Controlled Key...

CVE-2011-3733

Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visualtest.php and certain other files...

CVE-2011-2936

Elgg through 1.7.10 has a SQL injection vulnerability...

CVE-2011-2935

Elgg through 1.7.10 has XSS...

CVE-2021-4072

elgg is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

POST Based Reflected Cross Site Scripting in installation page

Description The installation page in Elgg ≤ v4.3.3 is vulnerable to Cross-Site Scripting attack via 'dataroot' parameter. Steps to Reproduce 1. Freshly install the Elgg in your web-server and proceed to "Database Installation Page". 2. Enter the following payload in "Data Directory" field and fil...