📄 Description (English)
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter of the all-properties-with-map endpoint to execute arbitrary code in victim browsers and steal session tokens or credentials.
🤖 AI Executive Summary
Joomla iProperty Real Estate 4.1.1 contains a reflected XSS vulnerability in the filter_keyword parameter that allows attackers to inject malicious scripts and execute arbitrary code in victim browsers. This vulnerability can be exploited to steal session tokens, credentials, and sensitive user data without requiring authentication. The lack of available patches makes immediate mitigation through compensating controls essential for affected organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 23, 2026 12:42
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi real estate companies, property management firms, and government housing agencies using Joomla iProperty. Banking sector exposure is moderate if real estate platforms integrate with payment systems. Telecom and ISP sectors may be affected if they host real estate portals. The vulnerability enables credential theft affecting SAMA-regulated financial transactions and NCA-governed data protection. Government entities managing property registries and housing programs face data breach risks. Healthcare and energy sectors with real estate management components are also at risk.
🏢 Affected Saudi Sectors
Real Estate & Property Management
Banking & Financial Services
Government & Public Administration
Telecommunications
Healthcare
Energy & Utilities
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Disable or restrict access to the all-properties-with-map endpoint until patching is available
2. Implement Web Application Firewall (WAF) rules to block requests containing JavaScript payloads in filter_keyword parameter
3. Add input validation rules: reject filter_keyword values containing <, >, ", ', script, javascript, onerror, onload patterns
COMPENSATING CONTROLS:
4. Deploy Content Security Policy (CSP) headers: Content-Security-Policy: default-src 'self'; script-src 'self'
5. Implement output encoding for all user-supplied input in search/filter functionality
6. Enable HTTP-only and Secure flags on session cookies to prevent JavaScript access
7. Deploy browser-based XSS protection headers: X-XSS-Protection: 1; mode=block
DETECTION:
8. Monitor WAF/IDS logs for filter_keyword parameters containing: script tags, event handlers (on*=), encoded payloads (%3c, %3e)
9. Alert on unusual session activity: multiple sessions from same user, geographic anomalies
10. Review access logs for all-properties-with-map endpoint for suspicious patterns
PATCHING:
11. Contact Joomla iProperty vendor for security updates; consider migration to patched version when available
12. Maintain inventory of all Joomla iProperty installations across organization
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تعطيل أو تقييد الوصول إلى نقطة نهاية all-properties-with-map حتى يتوفر التصحيح
2. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على حمولات JavaScript في معامل filter_keyword
3. إضافة قواعد التحقق من الإدخال: رفض قيم filter_keyword التي تحتوي على <، >، "، '، script، javascript، onerror، onload
الضوابط البديلة:
4. نشر رؤوس سياسة أمان المحتوى (CSP): Content-Security-Policy: default-src 'self'; script-src 'self'
5. تطبيق ترميز الإخراج لجميع المدخلات المزودة من قبل المستخدم في وظائف البحث/التصفية
6. تفعيل أعلام HTTP-only و Secure على ملفات تعريف الجلسة لمنع وصول JavaScript
7. نشر رؤوس حماية XSS المستندة إلى المتصفح: X-XSS-Protection: 1; mode=block
الكشف:
8. مراقبة سجلات WAF/IDS لمعاملات filter_keyword التي تحتوي على: علامات script، معالجات الأحداث (on*=)، حمولات مشفرة (%3c، %3e)
9. تنبيهات على نشاط الجلسة غير العادي: جلسات متعددة من نفس المستخدم، شذوذ جغرافي
10. مراجعة سجلات الوصول لنقطة النهاية all-properties-with-map للأنماط المريبة
التصحيح:
11. الاتصال بمورد Joomla iProperty للحصول على تحديثات الأمان؛ النظر في الترقية إلى نسخة مصححة عند توفرها
12. الحفاظ على جرد لجميع تثبيتات Joomla iProperty عبر المنظمة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements for supplier relationships
ECC 2024 A.14.2.5 - Addressing information security in supplier agreements
ECC 2024 A.5.1.1 - Policies for information security
ECC 2024 A.6.1.1 - Information security roles and responsibilities
🔵 SAMA CSF
Governance & Risk Management - Vulnerability Management
Information & Cyber Security - Application Security
Information & Cyber Security - Data Protection
Operational Resilience - Incident Management
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for information security
ISO 27001:2022 A.8.1 - User endpoint devices
ISO 27001:2022 A.8.2 - Privileged access rights
ISO 27001:2022 A.14.2 - Supplier relationships
ISO 27001:2022 A.14.3 - ICT supply chain security
🟣 PCI DSS v4.0.1
PCI DSS 6.5.7 - Cross-site scripting (XSS)
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.3 - Penetration testing
🔗 References & Sources 4
🔗
🔗
🔗
🔗
http://thethinkery.net
disclosure@vulncheck.com
https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51640
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/joomla-iproperty-real-estate-reflected-xss-via-fil...
disclosure@vulncheck.com