Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/04/09 8:54 p.m.23 views

CVE-2023-54360 Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the reviewid URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enablin...

6.1CVSS0.00194EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 8:54 p.m.6 views

CVE-2023-54360 Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the reviewid URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enablin...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31727

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabli...

6.1CVSS5.9AI score0.00194EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

Joomla JLex Review 跨站脚本漏洞

Joomla JLex Review is an open-source user comment and rating management extension developed by JLxeArt. Version 6.0.1 of Joomla JLex Review contains a cross-site scripting vulnerability, which stems from improper handling of the reviewid parameter. This vulnerability may lead to reflective...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References4
OSV
OSV
added 2025/02/18 10:15 a.m.3 views

CVE-2024-13369

The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘reviewid’ parameter in all versions up to, and including, 5.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS5.8AI score0.0045EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/18 9:21 a.m.13 views

CVE-2024-13369 Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter

The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘reviewid’ parameter in all versions up to, and including, 5.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

6.5CVSS0.0045EPSS
Exploits0References3
Rows per page
Query Builder