CVE-2006-6420

Name of the Vulnerable Software and Affected Versions JCE Admin Component in Ryan Demmer Joomla Content Editor versions 1.1.0 beta 2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the img, title, w, or h parameter.

Recommendations For versions 1.1.0 beta 2 and earlier, avoid using the parameters img, title, w, or h in the affected jce.php file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.