CVE-2023-54363

MEDIUM

Joomla Solidres 2.13.3 Reflected XSS via Multiple Parameters

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54363. PoCs published by CraCkEr.

AI-analyzed exploit summary: The exploit demonstrates a reflected XSS vulnerability in Joomla Solidres 2.13.3 by providing multiple URLs with vulnerable GET parameters (e.g., 'show', 'reviews', 'type_id'). These parameters can be manipulated to inject malicious scripts, potentially stealing session tokens or credentials.

Description

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links.

Exploits (1)

exploitdb WORKING POC
by CraCkEr · text · webapps · php
https://www.exploit-db.com/exploits/51638

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Joomla Solidres 2.13.3
No auth needed
Prerequisites: Victim must click a crafted URL
devstral-2 · analyzed Apr 10, 2026

References (4)

Core References
Exploit: ExploitDB-51638
https://www.exploit-db.com/exploits/51638
Product: Official Product Homepage
http://solidres.com/
Third Party Advisory: VulnCheck Advisory: Joomla Solidres 2.13.3 Reflected XSS via Multiple Parameters
https://www.vulncheck.com/advisories/joomla-solidres-reflected-xss-via-multiple-parameters

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 13.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
Solidres/Joomla Solidres 2.13.3
Published Apr 09, 2026
Tracked Since Apr 10, 2026