SECUNIA ADVISORY ID:
SA39829
VERIFY ADVISORY:
http://secunia.com/advisories/39829/
DESCRIPTION:
MustLive has reported a vulnerability in the 3D Users Cloud module
for Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed via the "tagcloud" parameter to
modules/mod_usr3dcloud/tagcloud_rus.swf (when "mode" is set to
"tags") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
The vulnerability is reported in version 1.8. Other versions may also
be affected.
SOLUTION:
Filter malicious characters and character sequences using a proxy.
PROVIDED AND/OR DISCOVERED BY:
MustLive
ORIGINAL ADVISORY:
http://websecurity.com.ua/4198/