CVE-2012-6561

EUVD-2012-6408
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
elggelgg
𝑥
≤ 1.8.4
elggelgg
1.7.0
elggelgg
1.7.1
elggelgg
1.7.2
elggelgg
1.7.3
elggelgg
1.7.4
elggelgg
1.7.5
elggelgg
1.7.6
elggelgg
1.7.7
elggelgg
1.7.8
elggelgg
1.7.9
elggelgg
1.7.10
elggelgg
1.7.11
elggelgg
1.7.12
elggelgg
1.7.13
elggelgg
1.7.14
elggelgg
1.7.15
elggelgg
1.7.16
elggelgg
1.7.17
elggelgg
1.7.18
elggelgg
1.8.0.1
elggelgg
1.8.1
elggelgg
1.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75756
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75756