First published: Mon May 21 2012
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Joomla! Content Editor (JCE) | <=2.0.21 | |
Joomla! Content Editor (JCE) | =2.0 | |
Joomla | | |
CVE-2012-2901 is classified as a medium severity cross-site scripting (XSS) vulnerability.
To address CVE-2012-2901, upgrade the Joomla Content Editor (JCE) component to version 2.1 or later.
CVE-2012-2901 affects users of the Joomla Content Editor (JCE) versions prior to 2.1.
Attackers exploiting CVE-2012-2901 can inject arbitrary web scripts or HTML via the search parameter.
Joomla as a platform is not affected; only the Joomla Content Editor (JCE) component prior to version 2.1 is vulnerable.