SECUNIA ADVISORY ID:
DESCRIPTION:
jdc has discovered a vulnerability in the RS-Monials component for
Joomla, which can be exploited by malicious people to conduct script
Input passed to the "comments" parameter when submitting a
testimonial is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in the context of an affected
site when the malicious testimonial is viewed.
The vulnerability is confirmed in version 1.5.1. Other versions may
also be affected.
SOLUTION:
Filter malicious characters and character sequences in a web proxy.
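The flaw described above, as an added example that is not RS-Monials code and not part of the advisory: a testimonial renderer that echoes the stored "comments" value as-is, next to one that HTML-encodes it at output time. The function names, field names and sample row are hypothetical.

```php
<?php
// Added illustration; not RS-Monials source. All names here are hypothetical.

// Constructed sample row, as a testimonial might look once stored.
$testimonial = [
    'name'     => 'Alice',
    'comments' => "Great service!\n<script>alert(1)</script>",
];

// Vulnerable pattern: the stored "comments" value is concatenated into the
// page unchanged, so any markup it contains becomes part of the document.
function render_testimonial_unsafe(array $row): string
{
    return '<div class="testimonial"><p>' . $row['comments'] . '</p>'
         . '<cite>' . $row['name'] . '</cite></div>';
}

// Encode a user-supplied value for an HTML context. ENT_QUOTES also encodes
// both quote characters, which matters if the value lands in an attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-supplied field is encoded when it is written
// to the page. nl2br() runs after encoding so only its own <br> tags survive.
function render_testimonial_safe(array $row): string
{
    return '<div class="testimonial"><p>' . nl2br(h($row['comments'])) . '</p>'
         . '<cite>' . h($row['name']) . '</cite></div>';
}

echo render_testimonial_unsafe($testimonial), "\n\n";

$safe = render_testimonial_safe($testimonial);
echo $safe, "\n";

// Regression check: the encoded output must not contain a live script tag.
if (stripos($safe, '<script') !== false) {
    throw new RuntimeException('comments field reached the page unencoded');
}
```

Encoding at output in the component addresses the same input that the proxy filter above screens, and does not depend on the filter recognising every character sequence.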
PROVIDED AND/OR DISCOVERED BY: