Description

Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.

Remediation

References

CVE-2013-0234

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.23)

WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.2)

WordPress Plugin Custom Field Suite Cross-Site Request Forgery (2.5.15)

WordPress Plugin Resume Submissions & Job Postings Cross-Site Scripting (2.5.3)

WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)

Severity

Medium

Classification

CVE-2013-0234 CWE-707

Tags

Missing Update Known Vulnerabilities