Joomla JCE Component Security Bypass and Cross-Site Scripting Vulnerabilities
The information has been provided by Jon Butler.
The original article can be found at: http://www.securityfocus.com/bid/53630
* Joomla JCE 2.1
Non Vulnerable Systems:
*Joomla JCE 2.1.3
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Joomla JCE had issued an update for this vulnerability
Initial Release: May 21 2012