To install this patch:
- Download the file below
- Unzip it and copy it to your /components/com_community/ folder
- Also make sure that all your modules and plugins are up to date
Alternatively, if you have little or no template customization, you may download the latest build and simply install it over your current version without uninstalling the older version.
For JomSocial 1.6 builds older than 1.6.288, please make sure you have applied the previous JomSocial update, announced here.
For JomSocial 1.5 and 1.2 with the March 31, 2010 patch, you may simply install this plugin instead. It will plug the non-persistent XSS security issue without requiring you to patch the file.
Please note that we have only tested the patches on the 1.6.x releases. The patches have also been deployed in our latest stable release, 1.6.291, which can be downloaded from your account area at http://jomsocial.com/download.html. If you are using the unsupported 1.7 or 1.8 release, a new build will be published shortly.
Exploit type: XSS Injection
Reported Date: 2010-June-22
Fixed Date: 2010-June-22