XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
Jan 29 2013 12:03AM
Moritz Naumann (security moritz-naumann com)
Hello dear XSS bored audience,
the PHP-based social networking engine Elgg, versions 1.8.12 and
1.7.16 and earlier, bears a persistent script injection vulnerability in
its core module "Twitter widget", which allows for XSS attacks.
On installations which have the Twitter widget activated (dis...
Copyright 2010, SecurityFocus