Platform
php
Component
elgg
Fixed in
3.3.24
CVE-2021-4072 describes a Cross-Site Scripting (XSS) vulnerability affecting the elgg social network platform. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to account compromise and data theft. The vulnerability impacts versions of elgg up to and including 3.3.24, and a patch is available in version 3.3.24.
Successful exploitation of CVE-2021-4072 allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser. This can be leveraged to steal session cookies, redirect users to malicious websites, deface the elgg instance, or even gain complete control over user accounts. The impact is particularly severe because elgg is often used in environments where sensitive user data is stored and processed, such as educational institutions and community organizations. The attacker could potentially gain access to private messages, personal information, and other sensitive data stored within the elgg system. This vulnerability shares similarities with other XSS vulnerabilities, where improper input sanitization leads to the execution of attacker-controlled code.
CVE-2021-4072 was publicly disclosed on December 24, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, increasing the risk of exploitation if the vulnerability remains unpatched.
Organizations and individuals using elgg versions 3.3.24 and earlier are at risk. This includes educational institutions, community organizations, and any other entity relying on elgg for social networking or collaboration purposes. Shared hosting environments running elgg are particularly vulnerable, as a compromise of one site can potentially impact others on the same server.
• php / web: curl -I https://your-elgg-site.com/ | grep -i content-type
• php / web: Examine elgg plugin files for instances of htmlspecialchars or similar encoding functions. Look for areas where user input is inserted directly into HTML without proper sanitization.
• generic web: Monitor access logs for unusual requests containing JavaScript code or suspicious URL parameters.
• generic web: Use a WAF to detect and block requests containing common XSS payloads.
disclosure
Exploit status
EPSS
0.33% (56th percentile)
CVSS vector
The primary mitigation for CVE-2021-4072 is to immediately upgrade elgg to version 3.3.24 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on all user-supplied data to prevent the injection of malicious scripts. Web Application Firewalls (WAFs) can be configured to filter out potentially malicious requests containing XSS payloads. Regularly review and update elgg's configuration to ensure that all security settings are properly configured. After upgrading, confirm the fix by attempting to inject a simple XSS payload (e.g., <script>alert('XSS')</script>) into a form field and verifying that the script is not executed.
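The output-encoding workaround above is easiest to see side by side with the unsafe pattern it replaces. The following is an added example written for this page, not elgg's own code: a plain PHP script that renders a user-supplied display name first by raw concatenation and then through htmlspecialchars, using the page's own alert('XSS') payload as a constructed sample input. The function names and the $untrusted sample value are illustrative assumptions, not elgg identifiers.

```php
<?php
declare(strict_types=1);

// Added example, not elgg code: contrast a template that inserts user data
// unescaped with one that encodes it for the HTML context first.

// Constructed sample input, shaped like what a stored-XSS attacker submits to
// a profile or comment field. It is handled here purely as data.
$untrusted = "<script>alert('XSS')</script>";

// VULNERABLE pattern: user data is concatenated straight into markup, so the
// browser parses the injected <script> element as live HTML.
function renderVulnerable(string $displayName): string
{
    return '<div class="profile" title="' . $displayName . '">' . $displayName . '</div>';
}

// HARDENED pattern: encode before insertion. ENT_QUOTES escapes both quote
// styles so attribute values cannot be broken out of; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of silently returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(string $displayName): string
{
    $safe = escapeHtml($displayName);
    return '<div class="profile" title="' . $safe . '">' . $safe . '</div>';
}

// Self-check: the hardened output must not contain the raw payload or any
// unescaped <script tag, and must contain the entity-encoded form instead.
function outputIsEncoded(string $html, string $input): bool
{
    return strpos($html, $input) === false
        && stripos($html, '<script') === false
        && strpos($html, '&lt;script&gt;') !== false;
}

if (PHP_SAPI === 'cli') {
    echo "vulnerable: ", renderVulnerable($untrusted), PHP_EOL;
    echo "hardened:   ", renderHardened($untrusted), PHP_EOL;
    echo "encoded correctly: ",
        var_export(outputIsEncoded(renderHardened($untrusted), $untrusted), true), PHP_EOL;
}
```

Run it with `php example.php`; the hardened line shows the payload as &lt;script&gt;…&lt;/script&gt; and the self-check reports true. The same escapeHtml wrapper is the kind of function the detection hint above tells you to look for when auditing plugin templates: any echo of request data that bypasses it is a candidate for the bug class this CVE describes.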
Upgrade elgg to version 3.3.24 or later. This version fixes the stored XSS vulnerability. The upgrade can be performed through the elgg administration panel or by downloading the latest version from the official website and replacing the files.
CVE-2021-4072 is a CRITICAL XSS vulnerability in the elgg social network platform, versions up to 3.3.24, that allows attackers to inject malicious scripts.
If you are running elgg version 3.3.24 or earlier, you are vulnerable to this XSS attack. Upgrade to 3.3.24 immediately.
The recommended fix is to upgrade elgg to version 3.3.24 or later. Implement input validation and output encoding as a temporary workaround.
While there's no confirmed active exploitation, public PoCs exist, increasing the risk if unpatched.
Refer to the elgg security advisory for detailed information and updates: https://elgg.org/security