Elgg Cross Site Scripting and Multiple Security Bypass Vulnerabilities

Elgg is prone to the following vulnerabilities:

1. Multiple security-bypass vulnerabilities.

2. A cross-site scripting vulnerability.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.

Elgg 1.8.4 is vulnerable. prior versions may also get affected.


 

Privacy Statement
Copyright 2010, SecurityFocus