Thursday, 17 September 2009 00:00
MS Comment 0.8.0b for Joomla, a commenting plugin, suffers from multiple vulnerabilities.
Captcha Cracking
Comments are submitted via AJAX, and the captcha is not reset after a submission, so a single solved captcha remains valid for further submissions. Read once, write many.
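The captcha reuse described above comes down to whether the server discards the stored answer once it has been checked. The sketch below is an added example, not MS Comment's own code: the function names and the `captcha_answer` session key are hypothetical, and `$session` stands in for the visitor's session store.

```php
<?php
// Added example: hypothetical helper names, not MS Comment's own code.
// $session stands in for the per-visitor session store ($_SESSION in plain PHP).

/** Issue a fresh challenge and remember its answer server-side. */
function captcha_issue(array &$session): string
{
    $answer = strtoupper(bin2hex(random_bytes(3))); // 6 hex characters
    $session['captcha_answer'] = $answer;
    return $answer; // a real plugin renders this as an image
}

/** Weak form: the stored answer stays valid after a submission. */
function captcha_verify_reusable(array &$session, string $submitted): bool
{
    $expected = $session['captcha_answer'] ?? '';
    return $expected !== '' && hash_equals($expected, strtoupper(trim($submitted)));
}

/** Hardened form: the stored answer is consumed on every attempt, pass or fail. */
function captcha_verify_once(array &$session, string $submitted): bool
{
    $expected = $session['captcha_answer'] ?? '';
    unset($session['captcha_answer']); // consume before comparing
    return $expected !== '' && hash_equals($expected, strtoupper(trim($submitted)));
}

// Constructed demonstration: the same solved answer is submitted twice.
$weak = [];
$solved = captcha_issue($weak);
var_dump(captcha_verify_reusable($weak, $solved)); // first submission
var_dump(captcha_verify_reusable($weak, $solved)); // second submission, same answer

$hard = [];
$solved = captcha_issue($hard);
var_dump(captcha_verify_once($hard, $solved)); // first submission
var_dump(captcha_verify_once($hard, $solved)); // second submission, same answer
```

Because the form posts over AJAX and the page never reloads, the response handler also has to request a new challenge image after each submission so that legitimate users are shown the current captcha.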
Website Input XSS
The 'Website' input field is checked for HTML markup, but extra parameters are not sanitized.
- Vulnerabilities Discovered: 31 July 2009
- Vendor Notified: 31 July 2009
- Vendor Response: ... 2009
- Update Available: ... 2009
- Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:36
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.