Elgg : Security Vulnerabilities, CVEs, Published In 2014 (XSS)
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
Max CVSS
4.3
EPSS Score
0.28%
Published
2014-02-02
Updated
2014-02-21
1 vulnerabilities found