{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54360", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-09T20:41:49.829Z", "datePublished": "2026-04-09T20:54:50.323Z", "dateUpdated": "2026-05-24T01:37:39.719Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-24T01:37:39.719Z"}, "datePublic": "2023-08-04T00:00:00.000Z", "title": "Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter", "descriptions": [{"lang": "en", "value": "Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "affected": [{"vendor": "Jlexart", "product": "Joomla JLex Review", "versions": [{"version": "6.0.1", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/51645", "name": "ExploitDB-51645", "tags": ["exploit"]}, {"url": "https://jlexart.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://extensions.joomla.org/extension/jlex-review/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/joomla-jlex-review-reflected-xss-via-review-id-parameter"}], "credits": [{"lang": "en", "value": "CraCkEr", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:22:58.610548Z", "id": "CVE-2023-54360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:23:08.773Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-54360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:22:58.610548Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:23:03.755Z"}}], "cna": {"title": "Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter", "credits": [{"lang": "en", "type": "finder", "value": "CraCkEr"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Jlexart", "product": "Joomla JLex Review", "versions": [{"status": "affected", "version": "6.0.1"}]}], "datePublic": "2023-08-04T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/51645", "name": "ExploitDB-51645", "tags": ["exploit"]}, {"url": "https://jlexart.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://extensions.joomla.org/extension/jlex-review/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/joomla-jlex-review-reflected-xss-via-review-id-parameter", "name": "VulnCheck Advisory: Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-24T01:37:39.719Z"}}}, "cveMetadata": {"cveId": "CVE-2023-54360", "state": "PUBLISHED", "dateUpdated": "2026-05-24T01:37:39.719Z", "dateReserved": "2026-04-09T20:41:49.829Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-09T20:54:50.323Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft."}], "id": "CVE-2023-54360", "lastModified": "2026-04-15T15:00:32.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-09T21:16:05.340", "references": [{"source": "disclosure@vulncheck.com", "url": "https://extensions.joomla.org/extension/jlex-review/"}, {"source": "disclosure@vulncheck.com", "url": "https://jlexart.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/51645"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/joomla-jlex-review-reflected-xss-via-review-id-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Joomla JLex Review", "source": "cna", "vendor": "Jlexart"}, "product": "joomla_jlex_review", "vendor": "jlexart"}], "analysis": {"en": {"generated_at": "2026-04-09T23:07:56.502088+00:00", "value": {"mitigation_remediation": ["Update the JLex Review extension to a version that includes the patch; the vendor has released an updated release that removes the flaw.", "If upgrading is not immediately possible, consider disabling or removing the extension until a patched version is available to eliminate the attack surface.", "Implement web application firewall rules that detect or block XSS payloads in the review_id parameter to mitigate exploitation attempts.", "Monitor user traffic for suspicious activity, and educate site visitors about the dangers of clicking unknown links to reduce the likelihood of successful social\u2011engineering attacks."], "summary": {"action": "Patch Immediately", "impact": "Reflected Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The flaw is present only in the JLexart Joomla JLex Review extension, version 6.0.1. No other product or version is listed as affected. Site owners using this specific extension version should verify its presence on their deployment.", "description_and_impact": "Joomla JLex Review 6.0.1 contains a reflected cross\u2011site scripting flaw that lets an attacker supply a malicious payload through the review_id URL parameter. When a victim visits a crafted link, the embedded script runs in the victim's browser, allowing session hijacking or credential theft. The vulnerability does not require authentication or additional privileges, so any user who follows a malicious link can be exposed.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity. The EPSS score is not available, and the vulnerability is not catalogued in the CISA KEV list. Based on the description, it is inferred that the attacker can exploit this weakness by sending phishing emails or embedding the link in other content that drives users to the vulnerable URL. The vulnerability has been demonstrated by publicly available exploits, showing that it can be leveraged without additional prerequisites."}}}}, "created": "2026-04-10T08:38:29.674702+00:00", "updated": "2026-04-10T09:29:14.215415+00:00", "vendors": ["jlexart", "jlexart$PRODUCT$joomla_jlex_review"]}