CVE-2023-54363

Joomla Solidres 2.13.3 Reflected XSS via Multiple Parameters

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Solidres · Joomla Solidres

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/51638unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/http://solidres.com/https://www.exploit-db.com/exploits/51638 https://www.vulncheck.com/advisories/joomla-solidres-reflected-xss-via-multiple-parameters