CVE-2012-6561

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
elggelgg
𝑥
≤ 1.8.4
elggelgg
1.7.0
elggelgg
1.7.1
elggelgg
1.7.2
elggelgg
1.7.3
elggelgg
1.7.4
elggelgg
1.7.5
elggelgg
1.7.6
elggelgg
1.7.7
elggelgg
1.7.8
elggelgg
1.7.9
elggelgg
1.7.10
elggelgg
1.7.11
elggelgg
1.7.12
elggelgg
1.7.13
elggelgg
1.7.14
elggelgg
1.7.15
elggelgg
1.7.16
elggelgg
1.7.17
elggelgg
1.7.18
elggelgg
1.8.0.1
elggelgg
1.8.1
elggelgg
1.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75756
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75756