Description
The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users' web servers, allowing the automated deployment of public key infrastructure at very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let's Encrypt service.
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page.
References
Cross-site scripting (XSS) Attack
XSS Filter Evasion Cheat Sheet
Excess XSS, a comprehensive tutorial on cross-site scripting
Related Vulnerabilities
WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Scripting (3.1.23)
WordPress Plugin Latest Posts by BestWebSoft Cross-Site Scripting (0.2)
WordPress Plugin Seed Social Cross-Site Scripting (2.0.3)
WordPress Plugin Count per Day Multiple Cross-Site Scripting Vulnerabilities (3.5.4)
WordPress Plugin Parallax Scroll Cross-Site Scripting (2.0.1)