CVE-2008-3668

Name of the Vulnerable Software and Affected Versions Yogurt Social Network module version 3.2 rc1 for XOOPS

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the uid parameter to various API endpoints, including "friends.php", "seutubo.php", "album.php", "scrapbook.php", "index.php", or "tribes.php", or through the description field of a new scrap.

Recommendations For Yogurt Social Network module version 3.2 rc1, consider disabling the affected API endpoints ("friends.php", "seutubo.php", "album.php", "scrapbook.php", "index.php", "tribes.php") and restricting access to the description field of new scraps until a patch is available. Avoid using the uid parameter in the affected API endpoints until the issue is resolved.