SECUNIA ADVISORY ID:
Customer Area (Credentials Required)
Two vulnerabilities have been reported in the RSComments component
for Joomla, which can be exploited by malicious people to conduct
script insertion attacks.
Input passed via the "website" and "name" parameters to index.php
(when "option" is set to "com_rscomments") when posting a comment is
not properly sanitised before being used. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious data is being viewed.
The vulnerabilities are reported in version Rev 2. Other versions may
also be affected.
Update to version Rev 3.
PROVIDED AND/OR DISCOVERED BY: