CVE-2009-4168

Name of the Vulnerable Software and Affected Versions WP-Cumulus plugin versions prior to 1.23 Joomulus module versions 2.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action, which can lead to cross-site scripting (XSS). This occurs in the tagcloud.swf file used by the affected plugins.

Recommendations For WP-Cumulus plugin versions prior to 1.23, update to version 1.23 or later. For Joomulus module versions 2.0 and earlier, consider disabling the module until a patch is available. As a temporary workaround, consider restricting access to the tagcloud parameter in the tags action to minimize the risk of exploitation.