CVE-2023-3849
Published: 2023-07-23
Priority: P3 · 41 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.68% (88.3th percentile)
A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moosocial | moodating | — | — |
CVSS provenance
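| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |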
No detection rules found.
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
exploitdb·2023-07-28·CVSS 3.5
CVE-2023-3849 [LOW] mooDating 1.2 - Reflected Cross-site scripting (XSS)
---
# Exploit Title: mooDating 1.2 - Reflected Cross-site scripting (XSS)
# Exploit Author: CraCkEr aka (skalvin)
# Date: 22/07/2023
# Vendor: mooSocial
# Vendor Homepage: https://moodatingscript.com/
# Software Link: https://demo.moodatingscript.com/home
# Version: 1.2
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-3849, CVE-2023-3848, CVE-2023-3847, CVE-2023-3846, CVE-2023-3843, CVE-2023-3845, CVE-2023-3844
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of a
Nuclei
mooDating 1.2 - Cross-site scripting
nuclei·CVSS 6.1
CVE-2023-3849 [MEDIUM] mooDating 1.2 - Cross-site scripting
Template:
```yaml
id: CVE-2023-3849
info:
  name: mooDating 1.2 - Cross-site scripting
  author: r3Y3r53
  severity: medium
  description: |
    A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the URL in
```
No writeups or analysis indexed.