PT-2006-6800 · Ryan Demmer · Joomla Content Editor+1

Published

2006-11-29

Updated

2008-09-05

CVE-2006-6166

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JCE Admin Component in Ryan Demmer Joomla Content Editor version 1.0.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the mosConfig live site parameter. This can be exploited by attackers to execute malicious scripts on the victim's browser.

Recommendations For version 1.0.4, apply the 20060821 jce patch to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6166

Affected Products

Jce Admin

Joomla Content Editor

PT-2006-6800 · Ryan Demmer · Joomla Content Editor+1

CVE-2006-6166

Related Identifiers

Affected Products

References · 4