PublicDate: 2008-03-12 17:44:00 UTC
Candidate: CVE-2008-1304
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1304
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2
 allow remote attackers to inject arbitrary web script or HTML via the (1)
 inviteemail parameter in an invite action to wp-admin/users.php and the (2)
 to parameter in a sent action to wp-admin/invites.php.
Ubuntu-Description:
Notes:
 jdstrand> wp-admin/invite.php does not exist and 'grep -r invite
   wp-admin/users.php' shows code is not present
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: needs-triage
dapper_wordpress: not-affected (2.0.2-2)
edgy_wordpress: not-affected (2.0.4-2)
feisty_wordpress: not-affected (2.1.3-1ubuntu1.1)
gutsy_wordpress: not-affected (2.2.2-1ubuntu1.3)
devel_wordpress: not-affected (2.3.3-1ubuntu1)