Joomla! contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker provides malformed HTML tags to the 'mosmsg' variable in the poll system. Due to an error in the anti cross site scripting (XSS) code in includes/phpInputFilter/class.inputfilter.php, such a request will cause a denial of service and may result in loss of availability for the system.

Upgrade to version 1.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Secunia Advisory ID: 19105
• CVE ID: 2006-1029 (see also: NVD)
• Related OSVDB ID: 23815 23817 23818 23819 23820 23821 23822
• VUPEN Advisory: ADV-2006-0818
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0601.html
• Vendor URL: http://www.joomla.org/
• Vendor Specific News/Changelog Entry: http://www.joomla.org/content/view/938/78/

• Foster - ghcghc.ru - RST/GHC