SECUNIA ADVISORY ID:
MustLive has reported a vulnerability in the 3D Users Cloud module
for Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed via the "tagcloud" parameter to
modules/mod_usr3dcloud/tagcloud_rus.swf (when "mode" is set to
"tags") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
The vulnerability is reported in version 1.8. Other versions may also
Filter malicious characters and character sequences using a proxy.
PROVIDED AND/OR DISCOVERED BY: