elgg/elgg is vulnerable to cross-site scripting (XSS) attacks. Improper input neutralization during web page generation allows malicious users to inject and execute arbitrary javascript through address
parameter in add.php
.
Vendor | Product | Version | CPE |
---|---|---|---|
elgg | elgg\/elgg | * | cpe:2.3:a:elgg:elgg\/elgg:*:*:*:*:*:*:*:* |