Joomla 3D Users Cloud Module "tagcloud" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA39829

VERIFY ADVISORY:
http://secunia.com/advisories/39829/

DESCRIPTION:
MustLive has reported a vulnerability in the 3D Users Cloud module
for Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Input passed via the "tagcloud" parameter to
modules/mod_usr3dcloud/tagcloud_rus.swf (when "mode" is set to
"tags") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

The vulnerability is reported in version 1.8. Other versions may also
be affected.

SOLUTION:
Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY:
MustLive

ORIGINAL ADVISORY:
http://websecurity.com.ua/4198/

RECENT ARTICLE

RECENT POST