CVE-2019-6263

MEDIUM

Joomla! < 3.9.2 - Stored Cross-Site Scripting in Global Configuration Text Filter Settings

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-6263. PoCs published by Praveen Sutar, praveensutar.

AI-analyzed exploit summary This is a working proof-of-concept for a stored XSS vulnerability in Joomla's Global Configuration Text Filter settings. The exploit demonstrates how an attacker can inject malicious JavaScript payloads into the configuration, which are then executed when the page is accessed.

Description

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.

Exploits (2)

exploitdb WORKING POC

by Praveen Sutar · textwebappsphp

https://www.exploit-db.com/exploits/46200

View Code ZIP pw:eip

This is a working proof-of-concept for a stored XSS vulnerability in Joomla's Global Configuration Text Filter settings. The exploit demonstrates how an attacker can inject malicious JavaScript payloads into the configuration, which are then executed when the page is accessed.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Joomla versions 2.5.0 through 3.9.1

Auth required

Prerequisites: Access to Joomla administrator console

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec STUB 6 stars

by praveensutar · poc

https://github.com/praveensutar/CVE-2019-6263-Joomla-POC

View Code ZIP pw:eip

The repository contains only a README.md file with minimal content, lacking any exploit code or technical details for CVE-2019-6263. It appears to be a placeholder or incomplete submission.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Joomla (version unspecified)

No auth needed

Prerequisites: none

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106638

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46200/

Vendor Advisory x_refsource_confirm

https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings

Scores

CVSS v3 4.8

EPSS 0.0350

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

joomla/joomla\! 2.5.0 - 3.9.2

Published Jan 16, 2019

Tracked Since Feb 18, 2026