{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.yoono.com/yoono/topics/xss-w35in"}, {"name": "51970", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51970"}, {"name": "yoonofirefoxextension-addfriends-xss(73150)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73150"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/109617/#comment-10344"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1215", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html"}, {"name": "http://support.yoono.com/yoono/topics/xss-w35in", "refsource": "CONFIRM", "url": "http://support.yoono.com/yoono/topics/xss-w35in"}, {"name": "51970", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51970"}, {"name": "yoonofirefoxextension-addfriends-xss(73150)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73150"}, {"name": "http://packetstormsecurity.org/files/109617/#comment-10344", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/109617/#comment-10344"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1215", "datePublished": "2012-02-20T20:00:00", "dateReserved": "2012-02-20T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yoono:yoono_for_firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DF2D4F7-8F4C-4CC8-AF40-7E0E54C8ECB9", "versionEndIncluding": "7.7.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action."}, {"lang": "es", "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Add Friends en la extensi\u00f3n Yoono anteriores a v7.7.8 para Firefox, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de create field en una acci\u00f3n \"create a group\"."}], "id": "CVE-2012-1215", "lastModified": "2017-08-29T01:31:15.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-21T13:31:21.830", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/109617/#comment-10344"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "url": "http://support.yoono.com/yoono/topics/xss-w35in"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51970"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73150"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}