Cross-site Scripting (XSS) - Stored in elgg/elgg
traduction en cours…Plateforme
php
Composant
elgg
Corrigé dans
3.3.24
CVE-2021-4072 describes a Cross-Site Scripting (XSS) vulnerability affecting the elgg social network platform. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to account compromise and data theft. The vulnerability impacts versions of elgg up to and including 3.3.24, and a patch is available in version 3.3.24.
Impact et Scénarios d'Attaquetraduction en cours…
Successful exploitation of CVE-2021-4072 allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser. This can be leveraged to steal session cookies, redirect users to malicious websites, deface the elgg instance, or even gain complete control over user accounts. The impact is particularly severe because elgg is often used in environments where sensitive user data is stored and processed, such as educational institutions and community organizations. The attacker could potentially gain access to private messages, personal information, and other sensitive data stored within the elgg system. This vulnerability shares similarities with other XSS vulnerabilities, where improper input sanitization leads to the execution of attacker-controlled code.
Contexte d'Exploitationtraduction en cours…
CVE-2021-4072 was publicly disclosed on December 24, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, increasing the risk of exploitation if the vulnerability remains unpatched.
Qui Est à Risquetraduction en cours…
Organizations and individuals using elgg versions 3.3.24 and earlier are at risk. This includes educational institutions, community organizations, and any other entity relying on elgg for social networking or collaboration purposes. Shared hosting environments running elgg are particularly vulnerable, as a compromise of one site can potentially impact others on the same server.
Étapes de Détectiontraduction en cours…
• php / web:
curl -I https://your-elgg-site.com/ | grep -i content-type• php / web: Examine elgg plugin files for instances of htmlspecialchars or similar encoding functions. Look for areas where user input is directly inserted into HTML without proper sanitization.
• generic web: Monitor access logs for unusual requests containing JavaScript code or suspicious URL parameters.
• generic web: Use a WAF to detect and block requests containing common XSS payloads.
Chronologie de l'Attaque
- Disclosure
disclosure
Renseignement sur les Menaces
Statut de l'Exploit
EPSS
0.33% (percentile 56%)
Vecteur CVSS
Que signifient ces métriques?
- Attack Vector
- Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
- Attack Complexity
- Faible — aucune condition spéciale requise. Exploitable de manière fiable.
- Privileges Required
- Faible — tout compte utilisateur valide est suffisant.
- User Interaction
- Requise — la victime doit ouvrir un fichier, cliquer sur un lien ou visiter une page.
- Scope
- Modifié — l'attaque peut pivoter au-delà du composant vulnérable.
- Confidentiality
- Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
- Integrity
- Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
- Availability
- Élevé — panne complète ou épuisement des ressources. Déni de service total.
Logiciel Affecté
Classification de Faiblesse (CWE)
Chronologie
- Réservé
- Publiée
- Modifiée
- EPSS mis à jour
Mitigation et Contournementstraduction en cours…
The primary mitigation for CVE-2021-4072 is to immediately upgrade elgg to version 3.3.24 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on all user-supplied data to prevent the injection of malicious scripts. Web Application Firewalls (WAFs) can be configured to filter out potentially malicious requests containing XSS payloads. Regularly review and update elgg's configuration to ensure that all security settings are properly configured. After upgrading, confirm the fix by attempting to inject a simple XSS payload (e.g., <script>alert('XSS')</script>) into a form field and verifying that the script is not executed.
Comment corrigertraduction en cours…
Actualice elgg a la versión 3.3.24 o superior. Esta versión corrige la vulnerabilidad XSS almacenada. La actualización se puede realizar a través del panel de administración de elgg o descargando la última versión del sitio web oficial y reemplazando los archivos.
Newsletter Sécurité CVE
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
Questions fréquentestraduction en cours…
What is CVE-2021-4072 — Cross-Site Scripting in elgg?
CVE-2021-4072 is a CRITICAL XSS vulnerability in elgg social network platform versions up to 3.3.24, allowing attackers to inject malicious scripts.
Am I affected by CVE-2021-4072 in elgg?
If you are running elgg version 3.3.24 or earlier, you are vulnerable to this XSS attack. Upgrade to 3.3.24 immediately.
How do I fix CVE-2021-4072 in elgg?
The recommended fix is to upgrade elgg to version 3.3.24 or later. Implement input validation and output encoding as a temporary workaround.
Is CVE-2021-4072 being actively exploited?
While there's no confirmed active exploitation, public PoCs exist, increasing the risk if unpatched.
Where can I find the official elgg advisory for CVE-2021-4072?
Refer to the elgg security advisory for detailed information and updates: https://elgg.org/security
Ton projet est-il affecté ?
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.