CVE-2018-25327 - Vulnerability Details

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomsky	Js Jobs

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Joomsky	Js Jobs

References

Link	Providers
https://extensions.joomla.org/extension/js-jobs/
https://www.exploit-db.com/exploits/44492
https://www.joomsky.com
https://www.vulncheck.com/advisories/joomla-component-js-jobs-cross-site-request-forgery

History

Sun, 17 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Joomsky Joomsky js Jobs
Vendors & Products		Joomsky Joomsky js Jobs

Sun, 17 May 2026 12:30:00 +0000

Type	Values Removed	Values Added
Description		Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
Title		Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Weaknesses		CWE-352
References		https://extensions.joomla.org/extension/js-jobs/ https://www.exploit-db.com/exploits/44492 https://www.joomsky.com https://www.vulncheck.com/advisories/joomla-component-js-jobs-cross-site-request-forgery
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-05-17T12:11:33.116Z

Updated: 2026-05-17T12:11:33.116Z

Reserved: 2026-05-17T11:41:57.969Z

Link: CVE-2018-25327

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-17T13:16:44.183

Modified: 2026-05-17T13:16:44.183

Link: CVE-2018-25327

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T14:30:03Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object