info
discussion
exploit
solution
references
PMachine ExpressionEngine HTTP Referrer HTML Injection Vulnerability
An exploit is not required.
An example exploit has been provided:
GET /path/index.php HTTP/1.0
Host: host
Referer: http://<XSS>.com/;
Privacy Statement
Copyright 2010, SecurityFocus
