info
discussion
exploit
solution
references
TellMe Multiple Cross-Site Scripting Vulnerabilities
No exploit is required.
An example has been provided:
http://[host]/tellme/index.php?q_Host=<iframe> src=http://whatismyip.com></iframe>
Privacy Statement
Copyright 2010, SecurityFocus
