Elgg · Elgg · CVE-2013-0234
**Name of the Vulnerable Software and Affected Versions**
Elgg versions prior to 1.7.17
Elgg versions 1.8.x prior to 1.8.13
**Description**
A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the `params[twitter_username]` parameter to the `action/widgets/save` endpoint.
**Recommendations**
For Elgg versions prior to 1.7.17, update to version 1.7.17 or later.
For Elgg versions 1.8.x prior to 1.8.13, update to version 1.8.13 or later.