Joomla JomSocial Component Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA40296

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40296/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40296

RELEASE DATE:
2010-06-25
DESCRIPTION:
Multiple vulnerabilities have been reported in the JomSocial
component for Joomla, which can be exploited by malicious users to
conduct script insertion attacks and by malicious people to conduct
cross-site scripting attacks.

1) Input passed via the "About me", "Mobile phone", "Land phone",
"State", "City / Town", "Website", and "College / University" fields
in the "Edit profile" page, "Your Name" field in the "Edit details"
page, "Group name" field in the "My Groups" page, "Subject" and
"Message" fields in the "Compose" page, "Description" field in the
"Create new album" page, "Report message" field in the "Report user"
page, and "Title" and "Description" fields in the "Create New Event"
page is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious data is being viewed.

2) Input passed to the "q" parameter in index.php (when "option" is
set to "com_community" and "view" is set to "search") is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

SOLUTION:
Update to version 1.6.291.

PROVIDED AND/OR DISCOVERED BY:
jdc

ORIGINAL ADVISORY:
jdc:
http://www.exploit-db.com/exploits/13962/

JomSocial:
http://www.jomsocial.com/blog/security-patch-for-jomsocial-15-and-16.html
http://www.jomsocial.com/blog/security-patch-for-jomsocial-16x.html