Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
http://www.vupen.com/english/advisories/2006/5202
http://www.securityfocus.com/bid/21810
http://www.joomla.org/content/view/2495/78/
http://secunia.com/advisories/23563
http://jvn.jp/jp/JVN%2345006961/index.html