CVE-2021-4072

Published: Dec 24, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.0

9.0

CRITICAL

elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor	Product	Versions
elgg	elgg/elgg	affected `unspecified - < 3.3.24`

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

x_refsource_CONFIRM

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.