Description
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.8.7)
Dolphin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4333)
Frontaccounting Other Vulnerability (CVE-2007-4279)
WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5)
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (3.4.1)