CVE-2023-3847
Published: 2023-07-23
Priority: P3 · 40 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.65% (88.2th percentile)
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| moosocial | moodating | — | — |
CVSS provenance
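| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |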
GHSA
GHSA-h3pc-fp6q-p374: A vulnerability classified as problematic was found in mooSocial mooDating 1
ghsa_unreviewed·2023-07-23
CVE-2023-3847 [MEDIUM] CWE-79 GHSA-h3pc-fp6q-p374: A vulnerability classified as problematic was found in mooSocial mooDating 1
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
Chrome
Stable Channel Update for Desktop: CVE-2024-3845
vendor_chrome·2024-04-16·CVSS 4.3
CVE-2024-3845 [LOW] Stable Channel Update for Desktop: CVE-2024-3845
Stable Channel Update for Desktop
CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03
[$2000][40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23
[$1000][328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI
Severity: low
No detection rules found.
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
exploitdb·2023-07-28·CVSS 3.5
CVE-2023-3849 [LOW] mooDating 1.2 - Reflected Cross-site scripting (XSS)
mooDating 1.2 - Reflected Cross-site scripting (XSS)
---
# Exploit Title: mooDating 1.2 - Reflected Cross-site scripting (XSS)
# Exploit Author: CraCkEr aka (skalvin)
# Date: 22/07/2023
# Vendor: mooSocial
# Vendor Homepage: https://moodatingscript.com/
# Software Link: https://demo.moodatingscript.com/home
# Version: 1.2
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-3849, CVE-2023-3848, CVE-2023-3847, CVE-2023-3846, CVE-2023-3843, CVE-2023-3845, CVE-2023-3844
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of a
Nuclei
MooDating 1.2 - Cross-Site scripting
nuclei·CVSS 6.1
CVE-2023-3847 [MEDIUM] MooDating 1.2 - Cross-Site scripting
MooDating 1.2 - Cross-Site scripting
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely.
Template:
```yaml
id: CVE-2023-3847

info:
  name: MooDating 1.2 - Cross-Site scripting
  author: r3Y3r53
  severity: medium
  description: |
    A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the URL Handler in the users component, potentia
```
No writeups or analysis indexed.
Published: 2023-07-23