Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.
d1c7d9bd65808d2318a87184f308f50b77012630bad28f43fca5b7c9862ab2bd
Joomla! versions 1.5.22 and 1.6.0 suffer from a spam relay vulnerability.
02a3b01ea3eba1f573ef363a41ec2af7ea94edb1ac39f97187cb65cad191929f
JomSocial version 1.8.8 suffers from a shell upload vulnerability.
ebcc698829cd4fe34fbf554ffaa108281816ea706a40d4c0200f77534f9604ea