Youjoomla Blog

Thanks to Mr andresg888 and Mr Lafrance , we have discovered low risk XSS vulnerability in YJ Whois and YJ Whois 2.0 Joomla versions 1.0x and 1.5.x. All files on the server have been updated. If you are using these extensions please download the new versions and reinstall

If you use any of these demo installations the buggy version of YJ Whois is included ,

• H-Connect for Joomla 1.0 and Joomla 1.5
• Youhostit for  Joomla 1.5 

File affected is ,   modules/mod_yj_whois.php.

Visit this forum thread for manual fix.