CVE-2012-1214

Name of the Vulnerable Software and Affected Versions Yoono Desktop Application versions prior to 1.8.21

Description A cross-site scripting (XSS) issue exists in the Add friends module, allowing remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.

Recommendations For versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the Add friends module until the update is applied. Avoid using the create field in the "Create a group" action until the issue is resolved.