Cross Site Scripting Vulnerabilities in Elgg <= 1.7.9

A new vulnerability has been discovered in Elgg, an open-source social networking engine that delivers the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications.

Well-known organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World Bank, UNESCO, NASA, Stanford University, Johns Hopkins University and more (

The vulnerability exists in several application parameters (page_owner, content, internalname, QUERY_STRING) that are not properly sanitized, which allows an attacker to conduct a Cross Site Scripting attack.





To fix this vulnerability you need to upgrade Elgg to 1.7.10 or higher.
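
For code that reflects request values like the four parameters named above, the following added PHP example (not Elgg's code and not the 1.7.10 patch) shows validation by type plus output encoding at the point of rendering. The function names, the treatment of page_owner as a numeric identifier and internalname as a field name, and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration; not Elgg source code. All function names are hypothetical.

// Encode a value for an HTML text node or a quoted attribute value.
function html_out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Identifier-style values (assumed here for page_owner): accept integers only.
function int_param(array $src, string $name): ?int {
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 0]]);
    return $v === false ? null : $v;
}

// Field names (assumed here for internalname): allow identifier characters only.
function name_param(array $src, string $name): ?string {
    $v = $src[$name] ?? '';
    return (is_string($v) && preg_match('/\A[A-Za-z0-9_\-]{1,64}\z/', $v)) ? $v : null;
}

function render_form(array $get, array $server): string {
    $owner = int_param($get, 'page_owner');
    $field = name_param($get, 'internalname');
    if ($owner === null || $field === null) {
        return '<p>Invalid request.</p>';
    }
    // Free text cannot be allow-listed, so it is encoded on output instead.
    $content = is_string($get['content'] ?? null) ? $get['content'] : '';
    $query = is_string($server['QUERY_STRING'] ?? null) ? $server['QUERY_STRING'] : '';

    // Unsafe pattern this replaces: interpolating $get[...] or
    // $_SERVER['QUERY_STRING'] straight into the markup.
    return sprintf(
        '<form action="?%s"><input type="hidden" name="page_owner" value="%d">'
        . '<textarea name="%s">%s</textarea></form>',
        html_out($query), $owner, html_out($field), html_out($content)
    );
}

// Constructed sample request (not taken from the advisory).
$get = ['page_owner' => '42', 'internalname' => 'description',
        'content' => '"><b>markup</b>'];
$server = ['QUERY_STRING' => 'page_owner=42&x="><b>'];
echo render_form($get, $server), "\n";
```

The rendered form carries the quotes and angle brackets from the sample request as HTML entities, so the browser displays them as text rather than parsing them as markup.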
