CVE-2012-1215 Information

Description

Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a \Create a group\ action.

Reference

http://packetstormsecurity.org/files/109617/comment-10344 http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html http://support.yoono.com/yoono/topics/xss-w35in http://www.securityfocus.com/bid/51970 https://exchange.xforce.ibmcloud.com/vulnerabilities/73150