CVE-2023-54363

MEDIUM

Joomla Solidres 2.13.3 Reflected XSS via Multiple Parameters

Title source: cna

Description

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links.

Exploits (1)

exploitdb WORKING POC
by CraCkEr · textwebappsphp
https://www.exploit-db.com/exploits/51638

References (4)

Scores

CVSS v3 6.1
EPSS 0.0007
EPSS Percentile 20.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
Solidres/Joomla Solidres 2.13.3
Published Apr 09, 2026
Tracked Since Apr 10, 2026