CVE-2023-54363

Description

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links.

References

• http://solidres.com/
• https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/
• https://www.exploit-db.com/exploits/51638
• https://www.vulncheck.com/advisories/joomla-solidres-reflected-xss-via-multiple-parameters