Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.

Remediation

References

CVE-2008-1304

Related Vulnerabilities

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-34798)

WebLogic CVE-2017-3248 Vulnerability (CVE-2017-3248)

Oracle JRE CVE-2013-5782 Vulnerability (CVE-2013-5782)

Java Denial of Service (DoS) Vulnerability (CVE-2019-2769)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23214)

Severity

Medium

Classification

CVE-2008-1304 CWE-707

Tags

Missing Update Known Vulnerabilities