CVE-2008-3668

EPSS 1.5%

Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.

Affected products

n/a · n/a

public PoCs found — 6

exploitdbwww.exploit-db.com/exploits/32200unverified exploitdbwww.exploit-db.com/exploits/32198unverified exploitdbwww.exploit-db.com/exploits/32202unverified exploitdbwww.exploit-db.com/exploits/32201unverified exploitdbwww.exploit-db.com/exploits/32199unverified exploitdbwww.exploit-db.com/exploits/32203unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html https://exchange.xforce.ibmcloud.com/vulnerabilities/44385 https://exchange.xforce.ibmcloud.com/vulnerabilities/44387 http://www.securityfocus.com/bid/30618 http://www.securityfocus.com/bid/30619