CVE-2023-54360: Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.
Security readout for executives and security teams
Plain-English summary
Joomla sites using JLex Review 6.0.1 may be exposed to reflected cross-site scripting. An attacker could trick a user into opening a crafted link, causing script execution in that user's browser. Business impact depends on who clicks: administrator sessions and authenticated customer accounts are the main concern.
Executive priority
Treat as a moderate web risk. It is not known to be actively exploited from the supplied evidence, but public exploit availability increases urgency for internet-facing Joomla sites and administrator-heavy workflows.
Technical view
CVE-2023-54360 is CWE-79 reflected XSS in Joomla JLex Review 6.0.1 through the review_id URL parameter. CVSS 3.1 is 6.1 with network access, low complexity, no privileges, and required user interaction. Scope is changed with low confidentiality and integrity impact.
Likely exposure
Exposure is likely limited to Joomla deployments that have JLex Review version 6.0.1 installed and reachable by users. The source bundle does not identify other affected versions or CPEs.
Exploitation context
A public ExploitDB reference exists, so proof-of-concept or exploit information is publicly available. CISA KEV is false, and the supplied sources do not state that active exploitation is occurring.
Researcher notes
The evidence identifies JLex Review 6.0.1 and the review_id parameter, but does not provide a vendor advisory, affected-version range, or fixed version. Avoid assuming broader product impact without vendor confirmation.
Mitigation direction
Inventory Joomla sites for JLex Review and confirm exact installed version.
Check Jlexart and Joomla extension guidance for a fixed or recommended version.
Upgrade, disable, or remove JLex Review where vendor guidance supports that action.
Prioritize reducing administrator exposure to suspicious links until remediated.
Use browser and application hardening controls that reduce reflected XSS impact.
Validation and detection
Confirm whether JLex Review 6.0.1 is installed on production Joomla sites.
Review vendor release notes or extension metadata for newer security-relevant versions.
Inspect web logs for unusual review_id requests with script-like or encoded input.
Run only authorized, non-executing reflected-input tests in a safe environment.
Verify remediation by confirming the parameter is encoded or rejected.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-79: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-79 · source CWE mapping
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.