Joomla RS-Monials Component "comments" Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA34837

VERIFY ADVISORY:
http://secunia.com/advisories/34837/

DESCRIPTION:
jdc has discovered a vulnerability in the RS-Monials component for
Joomla, which can be exploited by malicious people to conduct script
insertion attacks.

Input passed to the "comments" parameter when submitting a
testimonial is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in the context of an affected
site when the malicious testimonial is viewed.

The vulnerability is confirmed in version 1.5.1. Other versions may
also be affected.

SOLUTION:
Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY:
jdc

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8517

RECENT ARTICLE

RECENT POST