Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Joomla_content_editor | Ryan_demmer | 1.0.4 (including) | 1.0.4 (including) |
References
- http://forum.joomla.org/index.php?topic=113796.new#new
- http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28
- http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6
- http://forum.joomla.org/index.php?topic=113796.new#new
- http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28
- http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6