Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE prior to 2.4, as used in Mambo 4.6.3 and previous versions, allows remote malicious users to inject arbitrary web script or HTML via the Command parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mambo-foundation mambo |
||
mambo-foundation mambo 4.6.2 |
||
brilaps mostlyce |