SECUNIA ADVISORY ID:
Aung Khant has reported a vulnerability in the BlastChat Client
component for Joomla! / Mambo, which can be exploited by malicious
people to conduct cross-site scripting attacks.
Input passed via the "Itemid" parameter to index.php (when "option"
is set to "com_blastchatc") is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
The vulnerability is reported in versions prior to 3.4.
Update to version 3.4.
PROVIDED AND/OR DISCOVERED BY:
Aung Khant, YGN Ethical Hacker Group.
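
For sites that cannot yet confirm they run 3.4, web server logs can be reviewed for the request pattern described above. The following is an added example, not part of the original advisory or the BlastChat code: it assumes combined-format access logs and that a legitimate "Itemid" is a plain decimal menu item ID, and it only sees parameters carried in the query string. The log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate Itemid is a plain ASCII decimal integer.
NUMERIC_RE = re.compile(r"[0-9]+")

def suspicious_itemid(log_line):
    """Return the decoded Itemid value if the line is a com_blastchatc
    request whose Itemid is not a plain decimal integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes values, so encoded markup is compared decoded.
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_blastchatc" not in params.get("option", []):
        return None
    for value in params.get("Itemid", []):
        if not NUMERIC_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, itemid_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_itemid(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_blastchatc&Itemid=57 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_blastchatc&Itemid=57%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5188',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_content&Itemid=%3Cb%3E HTTP/1.1" 200 4096',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?Itemid=abc&option=com_blastchatc HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric Itemid {value!r}")
```

A hit shows that a non-numeric value was sent to the component, not that script ran in anyone's browser; flagged requests still need to be reviewed against the installed version.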