CVE-2008-1304

Priority
Low
Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2
allow remote attackers to inject arbitrary web script or HTML via the (1)
inviteemail parameter in an invite action to wp-admin/users.php and the (2)
to parameter in a sent action to wp-admin/invites.php.
References
Notes
 jdstrand> wp-admin/invite.php does not exist and 'grep -r invite
  wp-admin/users.php' shows code is not present
Package
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:32:13 UTC (commit 9756)