Description
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.
Remediation
References
Related Vulnerabilities
WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)
WordPress 2.8 Multiple Existing/Non-Existing Username Enumeration Weaknesses (0.6.2 - 2.8)
WordPress Plugin Virim PHP Object Injection (0.4)
PHP Resource Management Errors Vulnerability (CVE-2010-4697)
WordPress Plugin Couponer 'print-coupon.php' SQL Injection (1.2)