CVE-2012-1215

Name of the Vulnerable Software and Affected Versions Yoono extension versions prior to 7.7.8

Description A cross-site scripting (XSS) issue exists in the Add friends module of the Yoono extension, allowing remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.

Recommendations For versions prior to 7.7.8, update to version 7.7.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Add friends module until the update is applied.