CVE-2025-2127

Name of the Vulnerable Software and Affected Versions JoomlaUX JUX Real Estate version 3.4.0

Description A problematic issue was found in the software, affecting an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the Itemid/jp yearbuilt argument leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For JoomlaUX JUX Real Estate version 3.4.0, as a temporary workaround, consider restricting access to the /extensions/realestate/index.php/properties/list/list-with-sidebar/realties endpoint to minimize the risk of exploitation. Avoid using the Itemid/jp yearbuilt argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.