Liran Segal

**Name of the Vulnerable Software and Affected Versions** Nextend Twitter Connect plugin versions prior to 1.5.2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It affects the `new Twitter sign button` function in the `nextend-Twitter-connect.php` file. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the `redirect to` parameter. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `new Twitter sign button` function and avoid using the `redirect to` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nextend Facebook Connect plugin versions prior to 1.5.6 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `redirect to` parameter in the `new fb sign button` function. **Recommendations** For versions prior to 1.5.6, update to version 1.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `new fb sign button` function in the nextend-facebook-connect.php file until the update is applied. Avoid using the `redirect to` parameter in the affected function until the issue is resolved.