CVE-2006-6419

jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor JCE 1.1.0 beta 2 and earlier for Joomla! comjce allows remote attackers to include and possibly execute arbitrary local files via the 1 plugin or 2 file parameter. NOTE: The provenance of this information is unknown; the...

CVE-2006-6419

CVE-2006-6419 affects Joomla! JCE Admin Component (com_jce) 1.1.0 beta2 and earlier. The vulnerability is a local file include/remote code execution issue in jce.php, where the (1) plugin or (2) file parameter can be used to include arbitrary local files, potentially executing PHP code on the ser...

CVE-2006-6420

Multiple cross-site scripting XSS vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor JCE 1.1.0 beta 2 and earlier for Joomla! comjce allow remote attackers to inject arbitrary web script or HTML via the 1 img, 2 title, 3 w, or 4 h parameter, different vecto...

CVE-2006-6166

Summary: CVE-2006-6166 is an XSS vulnerability in the Joomla Content Editor (JCE) Admin Component (com_jce) for Joomla! version 1.0.4, exploitable via the mosConfig_live_site parameter when the 20060821 jce_patch is not applied. The issue is caused by unsanitized input in jce.php (JCE Admin Compo...