CVE-2012-2901: XSS
First published: Mon May 21 2012(Updated: )
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla! Content Editor (JCE) | <=2.0.21 | |
| Joomla! Content Editor (JCE) | =2.0 | |
| Joomla |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2901?
CVE-2012-2901 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2012-2901?
To address CVE-2012-2901, upgrade the Joomla Content Editor (JCE) component to version 2.1 or later.
Who is affected by CVE-2012-2901?
CVE-2012-2901 affects users of the Joomla Content Editor (JCE) versions prior to 2.1.
What can attackers do with CVE-2012-2901?
Attackers exploiting CVE-2012-2901 can inject arbitrary web scripts or HTML via the search parameter.
Is Joomla itself vulnerable through CVE-2012-2901?
No, Joomla as a platform is not affected; only the Joomla Content Editor (JCE) component prior to version 2.1 is vulnerable.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ryan demmer
- canonical/joomla! content editor (jce)
- version/joomla! content editor (jce)/2.0.21
- version/joomla! content editor (jce)/2.0
- vendor/joomla
- canonical/joomla