CVE-2017-9934

MEDIUM

Joomla! 1.7.3-3.7.2 - Cross-Site Scripting via Missing CSRF Token Checks


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9934. PoCs published by xyringe.

AI-analyzed exploit summary: This PoC demonstrates a CSRF vulnerability in Joomla 1.7.3 to 3.7.2, where unsanitized base64 input in the 'jform[type]' parameter leads to XSS via a crafted JSON payload. The exploit triggers an error message that renders the malicious script without sanitization.

Description

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.

Exploits (1)

nomisec · Working PoC
by xyringe · poc
https://github.com/xyringe/CVE-2017-9934


Classification
Working Poc 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Joomla 1.7.3 to 3.7.2
Auth required
Prerequisites: Valid Joomla administrator session · Access to the administrator panel
Analyzed by devstral-2, Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry (SecurityFocus BID)
http://www.securityfocus.com/bid/99451
Third Party Advisory, VDB Entry (SecurityTracker)
http://www.securitytracker.com/id/1038817

Scores

CVSS v3 6.1
EPSS 0.0041
EPSS Percentile 61.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (50)
joomla/joomla! 1.7.3
joomla/joomla! 1.7.4
joomla/joomla! 1.7.5
joomla/joomla! 2.5.0
joomla/joomla! 2.5.1
joomla/joomla! 2.5.2
joomla/joomla! 2.5.3
joomla/joomla! 2.5.4
joomla/joomla! 2.5.5
joomla/joomla! 2.5.6
... and 40 more
Published Jul 17, 2017
Tracked Since Feb 18, 2026