Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and previous versions for Joomla! (com_jce) allow remote malicious users to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ryan demmer joomla content editor 1.1.0_beta2 |
||
ryan demmer joomla content editor 1.0.4 |