CVE-2008-3668 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php (2) seutubo.php (3) album.php (4) scrapbook.php (5) index.php or (6) tribes.php; or (7) the description field of a new scrap.

Reference

http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html http://www.securityfocus.com/bid/30618 http://www.securityfocus.com/bid/30619 https://exchange.xforce.ibmcloud.com/vulnerabilities/44385 https://exchange.xforce.ibmcloud.com/vulnerabilities/44387