Joomla! Joomulus Module "tagcloud" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA37994

VERIFY ADVISORY:
http://secunia.com/advisories/37994/

DESCRIPTION:
MustLive has discovered a vulnerability in the Joomulus module for
Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Input passed via the "tagcloud" parameter to tagcloud_ell.swf,
tagcloud_eng.swf, tagcloud_por.swf, tagcloud_rus.swf, and potentially
tagcloud_jpn.swf in modules/mod_joomulus/ (when "mode" is set to
"tags") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site.

The vulnerability is confirmed in version 2.0. Other versions may
also be affected.

SOLUTION:
Filter malicious characters and character sequences using a proxy.
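
One way a filtering proxy could make that decision for the files listed above, as an added example that is not part of the advisory or the module's code. The blocklist pattern, the decode limit and the function names are assumptions; the sample request targets are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote, unquote_plus

# Files named in the advisory, under modules/mod_joomulus/.
SWF_RE = re.compile(
    r"/modules/mod_joomulus/tagcloud_(ell|eng|por|rus|jpn)\.swf$", re.I)
# Assumed blocklist: markup metacharacters and script-capable URI schemes.
BAD_RE = re.compile(r"[<>\"'`]|(?:javascript|vbscript|data)\s*:", re.I)
MAX_DECODE_ROUNDS = 3  # assumed limit on nested percent-encoding


def fully_decode(value):
    """Undo nested percent-encoding; None if it never settles."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            return value
        value = decoded
    return value if unquote_plus(value) == value else None


def should_block(request_target):
    """True if the proxy should reject this request target."""
    parts = urlsplit(request_target)
    if not SWF_RE.search(unquote(parts.path)):
        return False  # not one of the affected files
    # The advisory ties the issue to mode=tags; the filter checks the
    # "tagcloud" value whatever "mode" is, which is the stricter choice.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "tagcloud":
            continue
        decoded = fully_decode(value)  # parse_qsl already decoded once
        if decoded is None or BAD_RE.search(decoded):
            return True
    return False


# Constructed request targets for illustration.
SAMPLES = [
    "/modules/mod_joomulus/tagcloud_eng.swf?mode=tags&tagcloud=%3Cb%3Ex%3C%2Fb%3E",
    "/modules/mod_joomulus/tagcloud_por.swf?mode=tags&tagcloud=%253Cb%253E",
    "/modules/mod_joomulus/tagcloud_rus.swf?mode=tags&tagcloud=news",
    "/index.php?tagcloud=%3Cb%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print("BLOCK" if should_block(target) else "pass ", target)
```

Decoding repeatedly before matching matters because a single-pass filter would let a doubly percent-encoded value through to a component that decodes it again.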

PROVIDED AND/OR DISCOVERED BY:
MustLive

ORIGINAL ADVISORY:
http://websecurity.com.ua/3789/
