CVE-2012-2901

Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
ryan_demmerjoomla_content_editor
𝑥
≤ 2.0.21
ryan_demmerjoomla_content_editor
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/49206
http://secunia.com/secunia_research/2012-14/
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32
http://www.securityfocus.com/bid/53559
https://exchange.xforce.ibmcloud.com/vulnerabilities/75670
http://secunia.com/advisories/49206
http://secunia.com/secunia_research/2012-14/
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32
http://www.securityfocus.com/bid/53559
https://exchange.xforce.ibmcloud.com/vulnerabilities/75670