Description
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
Exploits (6)
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/32203
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/32199
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/32201
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/32202
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/32198
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/32200
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44387
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30618
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44385
Various Sources x_refsource_misc
http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30619
Scores
EPSS: 0.0034
EPSS Percentile: 56.3%
Details
CWE: CWE-79
Status: published
Products (1)
marcello_brandao/yogurt_social_network_module 3.2 rc1
Published: Aug 13, 2008
Tracked Since: Feb 18, 2026