CVE-2022-27913

MEDIUM

Joomla! 4.2.0-4.2.3 - Reflected Cross-Site Scripting in Various Components

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-27913. PoCs published by cameron-coding-projects.

AI-analyzed exploit summary: This repository contains a Python-based scanner to detect Joomla installations and check for vulnerability to CVE-2022-27913 by comparing version numbers. It includes utilities for bulk scanning and version detection via HTTP requests.

Description

An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.

Exploits (1)

nomisec SCANNER 1 stars
by cameron-coding-projects · poc
https://github.com/cameron-coding-projects/Joomla-CVE-Detector-CVE-2022-27913-

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Joomla CMS versions below 3.10.2
No auth needed
Prerequisites: Network access to the target Joomla site · Joomla version files accessible via HTTP
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.0036
EPSS Percentile 27.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): joomla/joomla! 4.0.0 - 4.2.3
Published Oct 25, 2022
Tracked Since Feb 18, 2026