PT-2026-31727 · Unknown · Joomla Jlex Review

Cracker · Published 2026-04-09 · Updated 2026-04-09 · CVE-2023-54360

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Joomla JLex Review version 6.0.1

Description

A reflected cross-site scripting issue exists that allows attackers to inject malicious scripts by manipulating the review id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, potentially enabling session hijacking or credential theft.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the review id parameter to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-54360

Affected Products

Joomla Jlex Review