Elgg Cross Site Scripting and Multiple Security Bypass Vulnerabilities
Elgg is prone to the following vulnerabilities:
1. Multiple security-bypass vulnerabilities.
2. A cross-site scripting vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
Elgg 1.8.4 is vulnerable. prior versions may also get affected.