MEDIUM
Jomres
CVE published 2026-05-23
CVE-2018-25354
CVE-2018-25354 documents a cross-site request forgery (CSRF) vulnerability in Jomres 9.11.2, a Joomla component for hotel and property management. The flaw allows attackers to modify authenticated user account information—including passwords, email addresses, and profile details—by inducing victims to visit malicious pages containing crafted HTML forms targeting the account/index endpoint. The vulnerabili [truncated]