CVE-2007-3249

Name of the Vulnerable Software and Affected Versions: Joomla! mod letterman module versions prior to 1.2.5

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Itemid parameter in the mod lettermansubscribe.php file.

Recommendations: For versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod lettermansubscribe.php file until a patch is applied. Avoid using the Itemid parameter in the affected module until the issue is resolved.