CVE-2025-2127 MEDIUM

CVE-2025-2127: JoomlaUX JUX Real Estate realties cross site scripting

Vendor Joomlaux
Product JUX Real Estate
Weakness CWE-79 · XSS
Published March 9, 2025
Last update March 10, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Explanation of Vulnerability in Simple Terms

02Summary

JUX Real Estate versions 3.4.0 and later contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in users' browsers when they visit affected pages. The vulnerability requires user interaction to trigger. This allows attackers to steal session tokens, redirect users, or deface content.

What an attacker can do

03Attacker Capabilities

Inject malicious scripts that run in users' browsers and steal session data or redirect them.

Potential impact on your site

04Site Impact

Site visitors may have sessions hijacked or be redirected to malicious sites; site reputation at risk.

Conditions required to exploit

05Prerequisites

Attacker must craft a malicious link or page; victim must visit it or click a link.

Key dates

06Disclosure timeline

March 9, 2025 CVE published
March 10, 2025 Record updated

Related vulnerabilities

08Related CVE