Browse all 5 CVE security advisories affecting Elgg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Elgg is an open-source social networking platform enabling organizations to create collaborative online communities. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from input validation flaws and improper access controls. While no major public security incidents have been widely documented, the platform's five recorded CVEs highlight recurring issues in sanitizing user inputs and managing authentication mechanisms. Security researchers have noted that timely patching remains critical due to the potential for complete system compromise through unpatched vulnerabilities. The platform's modular architecture, while flexible, introduces additional attack surfaces that require careful configuration and ongoing security assessment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-4072 | Cross-site Scripting (XSS) - Stored in elgg/elgg — elgg/elgg (CWE-79) | 6.1 | - | 2021-12-24 |
| CVE-2021-3980 | Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg — elgg/elgg (CWE-359) | 7.5 | - | 2021-12-03 |
| CVE-2021-3964 | Authorization Bypass Through User-Controlled Key in elgg/elgg — elgg/elgg (CWE-639) | 8.1 | - | 2021-12-01 |
| CVE-2011-2936 | Elgg SQL injection vulnerability — Elgg | 9.8 | - | 2019-11-12 |
| CVE-2011-2935 | Elgg cross-site scripting vulnerability — Elgg | 6.1 | - | 2019-11-12 |
This page lists every published CVE security advisory associated with Elgg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.