Platform: joomla
Component: joomla
Fixed in: 6.0.2
CVE-2023-54360 describes a reflected cross-site scripting (XSS) vulnerability discovered in Joomla JLex Review version 6.0.1. This vulnerability allows attackers to inject malicious JavaScript code into a user's browser by manipulating the review_id URL parameter. Successful exploitation could lead to session hijacking, credential theft, or other malicious actions. The vulnerability was published on 2026-04-09, and a fix is available via upgrade.
The primary impact of CVE-2023-54360 is the potential for attackers to execute arbitrary JavaScript code within the context of a victim's browser session. This can be achieved by crafting malicious URLs containing JavaScript payloads and enticing users to click them. Once executed, the attacker can steal session cookies, redirect users to phishing sites, or deface the website. The blast radius extends to any user who interacts with the vulnerable JLex Review component, particularly those who click on malicious links. This type of XSS vulnerability is particularly concerning because it can be easily exploited through social engineering techniques.
As of the publication date (2026-04-09), there is no indication of active exploitation of CVE-2023-54360. Public proof-of-concept (POC) code is not widely available. The vulnerability is not currently listed on the CISA KEV catalog. However, given the ease of exploitation inherent in reflected XSS vulnerabilities, it is likely that attackers will begin targeting this vulnerability in the near future.
Exploit Status
EPSS: 0.03% (10th percentile)
CVSS Vector:
The primary mitigation for CVE-2023-54360 is to upgrade Joomla JLex Review to a patched version. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the review_id parameter to sanitize user-supplied data. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a layer of protection. Regularly scan your Joomla installation for vulnerabilities using a reputable security scanner.
Update the JLex Review component to the latest available version to mitigate the XSS vulnerability. Check the release notes for specific upgrade instructions. Additionally, properly validate and escape all user inputs to prevent future XSS vulnerabilities.
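As an added illustration that is not part of this advisory or of the JLex Review code base, the reflected pattern described above sits beside a hardened version that validates review_id as an integer and encodes at the output boundary; the function names and the com_jlexreview option string are assumptions.

```php
<?php
// Added example (not JLex Review's own code): validate review_id before use
// and HTML-encode on output. Function names and option name are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the raw query-string value is concatenated into HTML,
// so any markup in review_id is reflected back to the browser unchanged.
function renderReviewLinkUnsafe(string $rawReviewId): string
{
    return '<a href="index.php?option=com_jlexreview&review_id=' . $rawReviewId . '">'
        . 'Review ' . $rawReviewId . '</a>';
}

// Hardened, step 1: accept only a positive integer id. Anything else
// (including values carrying tags or quotes) is rejected, not "cleaned".
function parseReviewId(?string $raw): ?int
{
    if ($raw === null || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Step 2: encode at the output boundary anyway, so this helper stays safe
// for both the HTML text node and the attribute value it writes into.
function renderReviewLinkSafe(int $reviewId): string
{
    $enc = htmlspecialchars((string) $reviewId, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="index.php?option=com_jlexreview&amp;review_id=' . $enc . '">'
        . 'Review ' . $enc . '</a>';
}

// Wiring inside a Joomla 4+ controller (assumed usage): Joomla's Input class
// offers typed getters, so getInt() does the integer validation for you.
//   $reviewId = Joomla\CMS\Factory::getApplication()->getInput()->getInt('review_id', 0);
//   if ($reviewId <= 0) { throw new InvalidArgumentException('Invalid review_id'); }
//   echo renderReviewLinkSafe($reviewId);

// Constructed test value: plain markup, enough to show reflection, nothing more.
$hostile = '1<b>x</b>';
// Unsafe: the <b> tag lands in the page verbatim.
assert(strpos(renderReviewLinkUnsafe($hostile), '<b>') !== false);
// Safe: rejected at validation, so it never reaches the output helper.
assert(parseReviewId($hostile) === null);
assert(parseReviewId('42') === 42);
assert(renderReviewLinkSafe(42)
    === '<a href="index.php?option=com_jlexreview&amp;review_id=42">Review 42</a>');
```

Run with `php -d zend.assertions=1` so the assertions are evaluated; a WAF rule on the parameter complements, but does not replace, this server-side validation.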
CVE-2023-54360 is a reflected XSS vulnerability in Joomla JLex Review 6.0.1, allowing attackers to inject malicious scripts via the review_id URL parameter.
You are affected if you are using Joomla JLex Review version 6.0.1 and have not upgraded to a patched version.
Upgrade Joomla JLex Review to a patched version. Implement input validation and output encoding as a temporary workaround.
There is currently no evidence of active exploitation, but the vulnerability is easily exploitable and could be targeted in the future.
Refer to the official Joomla security advisories for updates and further details regarding CVE-2023-54360.