SECUNIA ADVISORY ID:
SA37518
VERIFY ADVISORY:
http://secunia.com/advisories/37518/
DESCRIPTION:
andresg888 has reported a vulnerability in the YOOtheme template for
Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed to the "yt_color" parameter in index.php is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
andresg888
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/10318
DOWNLOAD
JOOMLA!
OUR NETWORK
Joomla Extensions, Joomla Templates
Joomla!® User Group Thailand
รับทำเว็บ Joomla, อบรบ Joomla
