Description
The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users' web servers, allowing the automated deployment of public key infrastructure at very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let's Encrypt service.
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page.
References
Cross-site Scripting (XSS) Attack - Acunetix
XSS Filter Evasion Cheat Sheet
Excess XSS, a comprehensive tutorial on cross-site scripting
Related Vulnerabilities
WordPress Plugin WordPress File Monitor Cross-Site Scripting (2.3.3)
WordPress Plugin Twitter Button by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.36)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.4.5)
WordPress Plugin WP OAuth Server (OAuth Authentication) Cross-Site Scripting (4.2.1)