Orkut service is vulnerable to Cross-Site Scripting and HTML Injection and email address disclosure vulnerability. Which result in email address disclosure, stealing of cookie, IP info, refer info, browser information, clipboard content, operating system info, hardware Info, modification of page or html injection, url redirection, port scanning of the network, and even phishing is possible. This is caused due to improper validation of user-supplied inputs and improper designing of orkut portal.
http://www.xdisclose.com