SECUNIA ADVISORY ID:
SA34837
VERIFY ADVISORY:
http://secunia.com/advisories/34837/
DESCRIPTION:
jdc has discovered a vulnerability in the RS-Monials component for
Joomla, which can be exploited by malicious people to conduct script
insertion attacks.

Input passed to the "comments" parameter when submitting a
testimonial is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in the context of an affected
site when the malicious testimonial is viewed.

The vulnerability is confirmed in version 1.5.1. Other versions may
also be affected.
SOLUTION:
Filter malicious characters and character sequences in a web proxy.
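
Added example, not part of the advisory and not RS-Monials code: the script insertion pattern described above next to a version that encodes the stored "comments" value when it is written into the page. The function names and the sample testimonial are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names and sample data are hypothetical,
// not taken from RS-Monials.

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so any markup submitted in "comments" becomes part of the page.
function render_testimonial_unsafe(array $t): string
{
    return '<div class="testimonial"><p>' . $t['comments'] . '</p></div>';
}

// Hardened pattern: encode at output time for the HTML body context.
function render_testimonial_safe(array $t): string
{
    // Encode both quote styles and replace invalid UTF-8 sequences
    // instead of returning an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $text  = htmlspecialchars($t['comments'], $flags, 'UTF-8');

    // nl2br() runs after encoding, so the only markup inside the
    // paragraph is the <br /> it adds for line breaks.
    return '<div class="testimonial"><p>' . nl2br($text) . '</p></div>';
}

// Constructed sample: a stored testimonial whose "comments" field carries markup.
$stored = [
    'comments' => "Great service!\n<script>alert(1)</script> <b onmouseover=\"x()\">hi</b>",
];

$unsafe = render_testimonial_unsafe($stored);
$safe   = render_testimonial_safe($stored);

// The unsafe rendering still contains a live tag.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('expected raw markup in the unsafe rendering');
}

// The safe rendering shows the same characters as inert text.
if (strpos($safe, '<script') !== false || strpos($safe, '<b ') !== false) {
    throw new RuntimeException('raw markup reached the page');
}

echo $safe, PHP_EOL;
```

Encoding at output applies to every place the testimonial is displayed, including administrative views, because the stored value itself is left unchanged.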
PROVIDED AND/OR DISCOVERED BY:
jdc
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8517