CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6166

Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.4%

CVSS Severity

CVSS v2 Score 6.8

References

http://forum.joomla.org/index.php?topic=113796.new#new
http://www.cellardoor.za.net/index.php?option=com_content&task=view&id=28
http://www.cellardoor.za.net/index.php?option=com_docman&task=doc_download&gid=51&Itemid=6
http://forum.joomla.org/index.php?topic=113796.new#new
http://www.cellardoor.za.net/index.php?option=com_content&task=view&id=28
http://www.cellardoor.za.net/index.php?option=com_docman&task=doc_download&gid=51&Itemid=6

Products affected by CVE-2006-6166

Ryan Demmer » Joomla Content Editor » Version: 1.0.4

cpe:2.3:a:ryan_demmer:joomla_content_editor:1.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6166

Products

Pricing

Contact Us