VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 21, 2008· Updated Apr 23, 2026

CVE-2008-4629

CVE-2008-4629

Description

Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

MyNETS 1.2.0 and earlier contain a cross-site scripting (XSS) vulnerability, allowing arbitrary script execution via crafted pages.

Vulnerability

MyNETS, an open source SNS (Social Networking Service) software provided by Usagi Project, contains a cross-site scripting (XSS) vulnerability in versions Ver1.2.0 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors [1][2].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious web page that, when viewed by a user, executes arbitrary script in the user's web browser. The attacker does not require authentication; the attack can be launched remotely over the network. The attack complexity is medium, likely requiring some user interaction such as clicking a link [1].

Impact

If a user views a specially crafted web page, arbitrary script may be executed on the user's web browser. As a result, user information may be disclosed, or a user may be directed to an unintended site [1][2]. The confidentiality impact is none, but integrity impact is partial [1].

Mitigation

The only mitigation described in the available references is to update the software to the latest version according to information provided by the developer [1][2]. No specific patched version number or release date is given in the sources. The property is listed in JVNDB and JVN, but not in the CISA KEV catalog.

References
  1. JVNDB-2008-000071 - JVN iPedia - 脆弱性対策情報データベース
  2. JVN#53267766 MyNETS cross-site scripting vulnerability

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Usagi/Mynets6 versions
    cpe:2.3:a:usagi:mynets:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:usagi:mynets:*:*:*:*:*:*:*:*range: <=1.2.0
    • cpe:2.3:a:usagi:mynets:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:usagi:mynets:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:usagi:mynets:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:usagi:mynets:1.2.1:*:*:*:*:*:*:*
    • (no CPE)range: <=1.2.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.