Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.Referenceshttp://www.securityfocus.com/bid/45296http://jxtended.com/blog/releases/375-jxtended-comments-131-stable-released.htmlhttp://secunia.com/advisories/42534
