Joomla! Security Team has confirmed that this issue will not be fixed.
>> While noted, your exploit report does not fall within the JSST remit as >> we no longer support J1.0.x branch (as you are aware and indicate). >> The vulnerability mentioned is not known to exist in any current supported >> release. >> Please ensure you are using the latest version of Joomla! The advisory has been updated with vendor's response: http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.0.x~15%5D_cross_site_scripting The CVE ID, CVE-2011-0005, has been assigned for it. --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/