CVE-2023-3846
Published 2023-07-23
Priority P3 · 41 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.65% (88.2th percentile)
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| moosocial | moodating | — | — |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:N/I:P/A:N
GHSA
GHSA-8x87-898q-f527: A vulnerability classified as problematic has been found in mooSocial mooDating 1
ghsa_unreviewed·2023-07-23
CVE-2023-3846 [MEDIUM] CWE-79 GHSA-8x87-898q-f527: A vulnerability classified as problematic has been found in mooSocial mooDating 1
Chrome
Stable Channel Update for Desktop: CVE-2024-3845
vendor_chrome·2024-04-16·CVSS 4.3
CVE-2024-3845 [LOW] Stable Channel Update for Desktop: CVE-2024-3845
Stable Channel Update for Desktop
CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03
[$2000][40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23
[$1000][328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI
Severity: low
No detection rules found.
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
exploitdb·2023-07-28·CVSS 3.5
CVE-2023-3849 [LOW] mooDating 1.2 - Reflected Cross-site scripting (XSS)
---
# Exploit Title: mooDating 1.2 - Reflected Cross-site scripting (XSS)
# Exploit Author: CraCkEr aka (skalvin)
# Date: 22/07/2023
# Vendor: mooSocial
# Vendor Homepage: https://moodatingscript.com/
# Software Link: https://demo.moodatingscript.com/home
# Version: 1.2
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-3849, CVE-2023-3848, CVE-2023-3847, CVE-2023-3846, CVE-2023-3843, CVE-2023-3845, CVE-2023-3844
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of a
Nuclei
MooDating 1.2 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-3846 [MEDIUM] MooDating 1.2 - Cross-Site Scripting
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.
Template:
```yaml
id: CVE-2023-3846

info:
  name: MooDating 1.2 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the URL Handler in the pages component,
```
No writeups or analysis indexed.
Published: 2023-07-23