← back
CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter of the all-properties-with-map endpoint to execute arbitrary code in victim browsers and steal session tokens or credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Thethinkery · Joomla iProperty Real Estate
public PoCs found1
cve_referencewww.exploit-db.com/exploits/51640unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/https://www.exploit-db.com/exploits/51640https://www.vulncheck.com/advisories/joomla-iproperty-real-estate-reflected-xss-via-filter-keywordhttp://thethinkery.net