EIP-2026-108229

PRE-CVE

Joomla! Component Card View JX - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108229. PoCs published by Valentin.

AI-analyzed exploit summary This exploit demonstrates XSS vulnerabilities in the Joomla Component Card View JX by providing specific URL paths with injected payloads. The PoC includes two distinct XSS vectors via the 'data_search' and 'rpp' parameters.

Description

Joomla! Component Card View JX - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Valentin · textwebappsphp

https://www.exploit-db.com/exploits/12474

View Code ZIP pw:eip

This exploit demonstrates XSS vulnerabilities in the Joomla Component Card View JX by providing specific URL paths with injected payloads. The PoC includes two distinct XSS vectors via the 'data_search' and 'rpp' parameters.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Joomla Component Card View JX (all versions)

No auth needed

Prerequisites: Access to the vulnerable Joomla component

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026