Description
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Private Message Insecure Direct Object Reference (1.0.5)
Oracle Database Server CVE-2011-0870 Vulnerability (CVE-2011-0870)
osTicket Other Vulnerability (CVE-2006-5407)
WordPress Plugin Lara's Google Analytics Cross-Site Scripting (2.0.4)
WordPress Plugin Redirect 404 to parent Cross-Site Scripting (1.3.0)