Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:33460
HistoryDec 27, 2021 - 8:41 a.m.

Cross-site Scripting (XSS)

2021-12-2708:41:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
elgg
vulnerability
cross-site scripting
web page generation
malicious users
javascript
address parameter

EPSS

0.001

Percentile

21.4%

elgg/elgg is vulnerable to cross-site scripting (XSS) attacks. Improper input neutralization during web page generation allows malicious users to inject and execute arbitrary javascript through address parameter in add.php.

Affected configurations

Vulners
Node
elggelgg\/elggRange3.3.23
OR
elggelgg\/elggRange4.0.5
VendorProductVersionCPE
elggelgg\/elgg*cpe:2.3:a:elgg:elgg\/elgg:*:*:*:*:*:*:*:*

EPSS

0.001

Percentile

21.4%

Related for VERACODE:33460