CVE-2013-0234
CVE-2013-0234 is a cross-site scripting (XSS) vulnerability affecting the Twitter widget in Elgg prior to 1.7.17 and 1.8.x prior to 1.8.13. The issue allows remote attackers to inject arbitrary web script or HTML through the params[twitter_username] parameter to action/widgets/save. Multiple conn...