CVE-2018-9183

MEDIUM

Joom Sky JS Jobs < 1.2.1 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9183. PoCs published by Sureshbabu Narvaneni.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Joomla! Component JS Jobs 1.2.0. The exploit involves inserting a malicious payload into the URL field when creating a company entry, which executes when viewed.

Description

The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.

Exploits (1)

exploitdb WRITEUP

by Sureshbabu Narvaneni · textwebappsphp

https://www.exploit-db.com/exploits/44401

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in Joomla! Component JS Jobs 1.2.0. The exploit involves inserting a malicious payload into the URL field when creating a company entry, which executes when viewed.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Joomla! Component JS Jobs 1.2.0

Auth required

Prerequisites: Employer account access in JS Jobs

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44401/

Product, Release Notes x_refsource_misc

https://www.joomsky.com/products/js-jobs.html

Vendor Advisory x_refsource_misc

https://vel.joomla.org/resolved/2146-js-jobs-1-2-0-xss-cross-site-scripting

Scores

CVSS v3 5.4

EPSS 0.0231

EPSS Percentile 81.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

joomsky/js_jobs < 1.2.1

Published Apr 02, 2018

Tracked Since Feb 18, 2026