Description
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 2.1.1 is vulnerable; other versions may also be affected.
Remediation
Update to WordPress version 2.1.2 or latest
References
http://www.securityfocus.com/archive/1/461440
http://packetstormsecurity.org/files/view/54793/wp211-csrfxss.txt
Related Vulnerabilities
WordPress Plugin WP-PostRatings Cross-Site Scripting (1.86)
MySQL Other Vulnerability (CVE-2005-1636)
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4534)
Ruby on Rails Use of Externally-Controlled Format String Vulnerability (CVE-2013-4389)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-13662)