BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Jan 29 2013 12:03AM
Moritz Naumann (security moritz-naumann com)
Hello dear XSS bored audience,

the PHP based social networking engine Elgg [1], versions 1.8.12 and
1.7.16 and earlier, bears a persistent script injection vulnerability in
its core module "Twitter widget", which allows for XSS attacks.

On installations which have the Twitter widget activated (dis...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus