Description
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
Remediation
References
Related Vulnerabilities
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1590)
WordPress 6.2 Multiple Vulnerabilities (6.2)
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41307)