Description
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
Published: 2026-05-17
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a cross‑site request forgery flaw that lets an attacker craft a malicious HTML form which, when an administrator visits the page, submits a request to administrative endpoints such as job.jobenforcedelete without validating a CSRF token. The attacker can perform state‑changing actions like deleting job postings or altering component configuration, thereby compromising the integrity and availability of the Joomla site.

Affected Systems

The flaw resides in the Joomsky:JS Jobs component version 1.2.0 for Joomla. Administrators who have access to the component’s administrative interface are potentially affected if the component is installed and enabled.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate to high severity. Because the exploit requires an authenticated administrator to visit a crafted page, it is a targeted attack but does not provide remote code execution. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attacker would need to entice an administrator to load a malicious page, after which the forged request submits without token validation, allowing the attacker to change or delete content.

Generated by OpenCVE AI on May 17, 2026 at 13:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JS Jobs component to the latest available version that includes a fix for the CSRF issue.
  • If an updated component is not available, remove or disable the JS Jobs component so that the vulnerable administrative endpoints are no longer accessible.
  • Restrict access to the administrative panels by applying IP filtering or a firewall rule so that only trusted IP addresses can reach the endpoints.
  • Ensure that Joomla’s built‑in CSRF protection is enabled and that all administrative forms include a valid token.

Generated by OpenCVE AI on May 17, 2026 at 13:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Joomsky
Joomsky js Jobs
Vendors & Products Joomsky
Joomsky js Jobs

Sun, 17 May 2026 12:30:00 +0000

Type Values Removed Values Added
Description Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
Title Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}

Subscriptions

Joomsky Js Jobs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-17T12:11:33.116Z

Reserved: 2026-05-17T11:41:57.969Z

Link: CVE-2018-25327

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-17T13:16:44.183

Modified: 2026-05-17T13:16:44.183

Link: CVE-2018-25327

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T14:30:03Z

Weaknesses