Description
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
Remediation
References
Related Vulnerabilities
WordPress Plugin Role Scoper Cross-Site Scripting (1.3.66)
WordPress Plugin Feedify-Web Push Notifications Cross-Site Scripting (2.1.8)
WordPress Plugin WooCommerce Amazon Affiliates Multiple Vulnerabilities (8.0)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (4.0.9)
Jenkins Improper Certificate Validation Vulnerability (CVE-2017-1000396)