Vulnerabilities > Ryan Demmer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-21 | CVE-2012-2902 | Unspecified vulnerability in Ryan Demmer Joomla Content Editor 2.0 Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. | 6.0 |
| 2012-05-21 | CVE-2012-2901 | Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 2.0 Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. | 4.3 |
| 2006-12-10 | CVE-2006-6420 | Cross-Site Scripting vulnerability in JCE Admin Component for Joomla Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. network ryan-demmer | 6.8 |
| 2006-12-10 | CVE-2006-6419 | Local File-Include vulnerability in JCE Admin Component for Joomla jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. | 7.5 |
| 2006-11-29 | CVE-2006-6166 | Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 1.0.4 Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter. network ryan-demmer | 6.8 |