SECUNIA ADVISORY ID: SA45083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45083 RELEASE DATE: 2011-06-30DESCRIPTION: Two vulnerabilities have been reported in the Newsletter Subscriber plugin for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "name" and "email" POST parameter to index.php when viewing pages using the plugin is not properly sanitised in newsletter_subscriber.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 1.3 for Joomla! 1.5 and confirmed in version 1.2 for Joomla! 1.6. Prior versions may also be affected. SOLUTION: Update to version 1.3 for Joomla! 1.5 (released June 28th, 2011) or version 1.2 for Joomla! 1.6 (released June 29th, 2011). PROVIDED AND/OR DISCOVERED BY: Reported by the Joomla! VEL team. ORIGINAL ADVISORY: http://docs.joomla.org/Vulnerable_Extensions_List#Newsletter_Subscriber