Sunday, 15 November 2009 00:00

Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that enables attackers to possibly run scripts as an administrator.

title"/onmouseover="alert(/xss/.source)

Timeline

  • Vulnerabilities Discovered: 3 November 2009
  • Vendor Notified: 3 November 2009
  • Vendor Response: ... 2009
  • Update Available: ... 2009
  • Disclosure: 15 November 2009
Last Updated on Thursday, 30 September 2010 17:35
 

Add your comment

Your name:
Comment:
  The word for verification. Lowercase letters only with no spaces.
Word verification:

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Santorum
Joomla Extensions