Description
The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users' web servers, allowing the automated deployment of public key infrastructure at very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let's Encrypt service.
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page.
References
Cross-site Scripting (XSS) Attack - Acunetix
XSS Filter Evasion Cheat Sheet
Excess XSS, a comprehensive tutorial on cross-site scripting
Related Vulnerabilities
WordPress Plugin WP Sitemap Page Cross-Site Scripting (1.6.4)
WordPress Plugin Leaky Paywall Cross-Site Scripting (4.16.5)
WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.19)
WordPress Plugin Custom 404 Pro Cross-Site Scripting (3.2.8)
WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7)