CVE-2008-1304

Priority
Low
Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2
allow remote attackers to inject arbitrary web script or HTML via the (1)
inviteemail parameter in an invite action to wp-admin/users.php and the (2)
to parameter in a sent action to wp-admin/invites.php.
References
Notes
jdstrand> wp-admin/invite.php does not exist and 'grep -r invite
wp-admin/users.php' shows code is not present
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected (2.3.3-1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:18:40 UTC (commit 5347)