Unrated severityNVD Advisory· Published Nov 29, 2006· Updated Jun 16, 2026
CVE-2006-6166
CVE-2006-6166
Description
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
Affected products
2- cpe:2.3:a:ryan_demmer:joomla_content_editor:1.0.4:*:*:*:*:*:*:*
- Range: = 1.0.4 (without 20060821 patch)
Patches
Vulnerability mechanics
References
3- forum.joomla.org/index.phpnvdPatch
- www.cellardoor.za.net/index.phpnvdPatch
- www.cellardoor.za.net/index.phpnvdPatch
News mentions
0No linked articles in our index yet.