What the vulnerability does
01Description
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Explanation of Vulnerability in Simple Terms
02Summary
JUX Real Estate versions 3.4.0 and later contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in users' browsers when they visit affected pages. The vulnerability requires user interaction to trigger. This allows attackers to steal session tokens, redirect users, or deface content.
What an attacker can do
03Attacker Capabilities
Inject malicious scripts that run in users' browsers and steal session data or redirect them.
Potential impact on your site
04Site Impact
Site visitors may have sessions hijacked or be redirected to malicious sites; site reputation at risk.
Conditions required to exploit
05Prerequisites
Attacker must craft a malicious link or page; victim must visit it or click a link.
Key dates
06Disclosure timeline
March 9, 2025
CVE published
March 10, 2025
Record updated