CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-1215
https://notcve.org/view.php?id=CVE-2012-1215
Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Add Friends en la extensión Yoono anteriores a v7.7.8 para Firefox, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de create field en una acción "create a group". • http://packetstormsecurity.org/files/109617/#comment-10344 http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html http://support.yoono.com/yoono/topics/xss-w35in http://www.securityfocus.com/bid/51970 https://exchange.xforce.ibmcloud.com/vulnerabilities/73150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-1214
https://notcve.org/view.php?id=CVE-2012-1214
Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo 'friends' de Yoono Desktop Application antes de v1.8.21 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un campo 'create' en una acción "Crear un grupo". • http://packetstormsecurity.org/files/109618/#comment-10343 http://packetstormsecurity.org/files/109618/Yoono-Desktop-1.8.16-Cross-Site-Scripting.html http://support.yoono.com/yoono/topics/xss-w35in https://exchange.xforce.ibmcloud.com/vulnerabilities/73149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 34EXPL: 0CVE-2009-4100
https://notcve.org/view.php?id=CVE-2009-4100
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. La extensión Yoono anterior a versión 6.1.1 para Firefox, realiza ciertas operaciones con privilegios de Chrome, que permite a los atacantes remotos asistidos por el usuario para ejecutar comandos arbitrarios y realizar ataques de tipo cross-domain scripting por medio de manejadores de eventos DOM tal y como onload. • http://secunia.com/advisories/37468 http://www.net-security.org/secworld.php?id=8527 http://www.securityfocus.com/bid/37123 http://www.vupen.com/english/advisories/2009/3326 https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1 https://exchange.xforce.ibmcloud.com/vulnerabilities/54417 • CWE-20: Improper Input Validation •