Unrated severityNVD Advisory· Published Aug 13, 2008· Updated Apr 23, 2026

CVE-2008-3668

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.

Affected products

Marcello Brandao/Yogurt Social Network Module
cpe:2.3:a:marcello_brandao:yogurt_social_network_module:3.2:rc1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.htmlnvd
www.securityfocus.com/bid/30618nvd
www.securityfocus.com/bid/30619nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44385nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44387nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000