Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
Remediation
References
Related Vulnerabilities
Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-38268)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0246)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2011-1153)
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-44308)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43953)