What the vulnerability does
01Description
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.
Explanation of Vulnerability in Simple Terms
02Summary
A cross-site scripting (XSS) vulnerability in Joomla JLex Review allows attackers to inject malicious scripts that execute in users' browsers. The vulnerability requires user interaction—a victim must visit a crafted page or click a malicious link. Successful exploitation can deface content or steal session data from site visitors.
What an attacker can do
03Attacker Capabilities
Inject malicious JavaScript that runs in visitors' browsers when they view affected pages.
Potential impact on your site
04Site Impact
Site visitors may see defaced content, have sessions hijacked, or be redirected to malicious sites.
Conditions required to exploit
05Prerequisites
Network access and user interaction required; victim must visit a page containing the attacker's payload.
Key dates
06Disclosure timeline
April 9, 2026
CVE published
May 24, 2026
Record updated