Platform: joomla
Component: joomla
Fixed in: 4.1.2
CVE-2023-54361 describes a reflected cross-site scripting (XSS) vulnerability present in Joomla iProperty Real Estate version 4.1.1. This flaw allows attackers to inject malicious JavaScript code into victim browsers by manipulating the filter_keyword parameter within the all-properties-with-map endpoint. Successful exploitation could lead to session token theft or other unauthorized actions, impacting website users and administrators.
The primary impact of CVE-2023-54361 is the potential for cross-site scripting attacks. An attacker could craft a malicious URL containing a JavaScript payload within the filter_keyword parameter. When a user clicks this link, the injected script executes in their browser within the context of the Joomla iProperty Real Estate website. This allows the attacker to steal session cookies, redirect the user to a phishing site, or deface the website. The blast radius extends to all users who interact with the vulnerable endpoint, particularly those who click on links from untrusted sources. While the vulnerability is reflected, the ease of crafting a malicious URL makes it relatively simple to exploit.
CVE-2023-54361 was publicly disclosed on 2026-04-09. There is no indication of active exploitation campaigns or KEV listing at the time of writing. Public proof-of-concept (POC) code is likely to emerge given the relatively simple nature of reflected XSS vulnerabilities. Monitor security advisories from Joomla and the iProperty Real Estate vendor for updates and patch releases.
Websites using Joomla iProperty Real Estate version 4.1.1 are at risk. Specifically, sites that rely on user-supplied input within the filter_keyword parameter without proper sanitization are particularly vulnerable. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• joomla / server:
# search the access log for filter_keyword values carrying script markup (raw or URL-encoded)
grep -iE 'filter_keyword=[^& ]*(<script|%3Cscript|javascript:)' /var/log/apache2/access.log
• generic web:
curl -I 'https://example.com/all-properties-with-map?filter_keyword=<script>alert(1)</script>' | grep 'Content-Type:'
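The grep above only catches payloads that appear literally in the log; a reflected value is often percent-encoded once or twice. The following is an added example (not part of the original advisory) that parses constructed Apache access-log lines, URL-decodes the filter_keyword value repeatedly, flags values containing markup, and shows the output-encoding step a patched handler would apply before reflecting the keyword. The log lines, client addresses and regexes are all assumptions.

```python
import re
import html
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample Apache access-log lines; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Apr/2026:10:01:02 +0000] "GET /all-properties-with-map?filter_keyword=sea+view HTTP/1.1" 200 5120
203.0.113.6 - - [09/Apr/2026:10:02:15 +0000] "GET /all-properties-with-map?filter_keyword=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120
203.0.113.7 - - [09/Apr/2026:10:03:40 +0000] "GET /all-properties-with-map?filter_keyword=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 5120
203.0.113.8 - - [09/Apr/2026:10:04:01 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 800
"""

# Request target inside the quoted request line of the common/combined log format.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Markup fragments that have no business in a property search keyword (assumed heuristic).
SUSPICIOUS_RE = re.compile(r'<\s*/?\s*\w|javascript:|on\w+\s*=', re.IGNORECASE)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo URL encoding repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_keywords(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded keyword) for requests whose filter_keyword looks like markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs already decodes one layer; fully_decode handles the remaining layers.
        query = parse_qs(urlsplit(m.group(1)).query)
        for raw in query.get("filter_keyword", []):
            decoded = fully_decode(raw)
            if SUSPICIOUS_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits


def render_keyword(keyword: str) -> str:
    """Context-correct output encoding before reflecting the keyword into HTML text."""
    return html.escape(keyword, quote=True)
```

Run it against a real log by passing the file contents to suspicious_keywords; the double-encoded line is reported only because decoding is repeated.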
Exploit status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-54361 is to upgrade Joomla iProperty Real Estate to a patched version. Unfortunately, this description does not name the fixed version. Until a patch is applied, implement input validation and sanitization on the filter_keyword parameter within the all-properties-with-map endpoint. This should include strict whitelisting of allowed characters and escaping any potentially malicious input before it is reflected into the page. Consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious JavaScript payloads in the filter_keyword parameter. Regularly review and update Joomla and its extensions to ensure you are using the latest security patches.
Update the Joomla iProperty Real Estate plugin to the latest available version to fix the XSS vulnerability. Check for updates on the developer's website or through the Joomla extension manager. Implement proper validation and encoding of user input to prevent future XSS attacks.
CVE-2023-54361 is a reflected XSS vulnerability in Joomla iProperty Real Estate 4.1.1, allowing attackers to inject malicious scripts via the filter_keyword parameter.
If you are using Joomla iProperty Real Estate version 4.1.1, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The recommended fix is to upgrade to a patched version of Joomla iProperty Real Estate. Monitor the vendor's website for updates and implement input validation as a temporary workaround.
There is currently no confirmed evidence of active exploitation, but public proof-of-concept code may emerge, increasing the risk.
Refer to the Joomla website and iProperty Real Estate's official channels for the latest security advisories and updates related to CVE-2023-54361.