Platform: joomla
Component: joomla
Fixed in: 4.1.2
CVE-2023-54361 describes a reflected cross-site scripting (XSS) vulnerability present in Joomla iProperty Real Estate version 4.1.1. This flaw allows attackers to inject malicious scripts into a user's browser by manipulating the filter_keyword parameter within the all-properties-with-map endpoint. Successful exploitation could lead to session token theft or other unauthorized actions, impacting website users and potentially compromising sensitive data.
The primary impact of CVE-2023-54361 is the potential for cross-site scripting (XSS) attacks. An attacker could craft a malicious URL containing JavaScript code within the filter_keyword parameter. When a user clicks on this crafted URL, the injected script executes within their browser context. This allows the attacker to steal session cookies, redirect the user to a phishing site, or deface the website. The blast radius extends to all users who interact with the vulnerable all-properties-with-map endpoint, particularly those who click on links from untrusted sources. While the vulnerability is reflected, the ease of crafting a malicious URL makes it relatively simple to exploit.
CVE-2023-54361 was publicly disclosed on 2026-04-09. There is no indication of active exploitation campaigns or KEV listing at the time of this writing. Public proof-of-concept (POC) code may be available or emerge, increasing the risk of exploitation. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.04% (11th percentile)
The primary mitigation for CVE-2023-54361 is to upgrade Joomla iProperty Real Estate to a patched version. The vendor has not released a specific fixed version in the provided data, so monitor the Joomla website and iProperty Real Estate's official channels for updates. As a temporary workaround, implement strict input validation and output encoding on the filter_keyword parameter within the all-properties-with-map endpoint. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of defense. Regularly scan the website for XSS vulnerabilities using automated tools.
Update the Joomla iProperty Real Estate plugin to the latest available version to mitigate the XSS vulnerability. Check for updates on the developer's website or through the Joomla extension manager. Implement proper user input validation and encoding to prevent future XSS attacks.
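For the monitoring side of the mitigation above, the following log triage script is an added example, not part of the original advisory or the vendor's code. It flags requests to the all-properties-with-map endpoint whose filter_keyword value contains markup characters, including double-encoded ones; the log lines, URL layout and the choice of flagged characters are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "all-properties-with-map"  # endpoint named in the advisory
PARAM = "filter_keyword"              # parameter named in the advisory
MARKUP = set('<>"')  # assumption: never valid in a property keyword search
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /all-properties-with-map?filter_keyword=sea+view HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /all-properties-with-map?filter_keyword=%3Cem%3Evilla%3C%2Fem%3E HTTP/1.1" 200 5188',
    '198.51.100.23 - - [01/Jan/2025:10:00:09 +0000] "GET /all-properties-with-map?filter_keyword=%253Cem%253Evilla%253C%252Fem%253E HTTP/1.1" 200 5190',
    '192.0.2.44 - - [01/Jan/2025:10:00:12 +0000] "GET /contact?filter_keyword=%3Cem%3E HTTP/1.1" 404 312',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client_ip, decoded_keyword) for endpoint hits carrying markup."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if ENDPOINT not in url.path:
            continue  # other pages are out of scope for this advisory
        # parse_qsl decodes once; fully_decode peels any further layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            keyword = fully_decode(value)
            if name == PARAM and MARKUP & set(keyword):
                hits.append((match.group("ip"), keyword))
    return hits


if __name__ == "__main__":
    for ip, keyword in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{keyword!r}")
```

A hit shows that markup was submitted to the endpoint, not that a script ran in anyone's browser; treat hits as leads for review alongside the upgrade.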
CVE-2023-54361 is a reflected XSS vulnerability in Joomla iProperty Real Estate 4.1.1, allowing attackers to inject malicious scripts via the filter_keyword parameter.
If you are using Joomla iProperty Real Estate version 4.1.1, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The recommended fix is to upgrade to a patched version of Joomla iProperty Real Estate. Monitor the vendor's website for updates and implement input validation as a temporary workaround.
There is currently no confirmed evidence of active exploitation, but public proof-of-concept code may emerge, increasing the risk.
Refer to the Joomla website and iProperty Real Estate's official channels for the latest security advisories and updates related to CVE-2023-54361.