Access Control: Joomla iProperty Real Estate 4.1.1 - Cross-Site Scripting¶
Identifier:
joomla_iproperty_xss
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Joomla extension iproperty is vulnerable to cross-site scripting in the GET parameter 'filter_keyword', allowing attackers to execute arbitrary scripts.
How we test: We test for XSS vulnerabilities in Joomla iproperty by injecting malicious payloads into the filter_keyword parameter and analyzing responses to detect if scripts are executed in the browser.
Reference:
- https://www.exploit-db.com/exploits/51640
- https://cxsecurity.com/issue/WLB-2023070076
- https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.