installed on a WordPress
installation
A malicious user sends the admin a link to the page that has this auto-submit form.
Without the victim noticing, events older than 1 day will be removed.
Solution:
Within a matter of a few hours, the vendor launched a patched version, 1.5.50. Also
he was kind enough to put
CVE Reference: CVE-2015-7324
Original advisory:
https://www.davidsopas.com/komento-joomla-component-persistent-xss/
Author: David Sopas @dsopas
Komento is a Joomla! comment extension for articles and blogs in K2,
EasyBlog, ZOO, Flexicontent, VirtueMart and redShop.
@http://stackideas.com/komento