Description
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
Remediation
References
Related Vulnerabilities
WordPress Plugin Safe SVG Denial of Service (1.9.4)
PleskLin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4878)
WordPress Plugin iTwitter Multiple Vulnerabilities (0.04)
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)
WordPress Plugin Stock in & out Cross-Site Scripting (1.0.4)