CVE-2023-4173
Published 2023-08-06
Priority P341 | medium | 6.1 | CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.34% (87.1th percentile)
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moosocial | moostore | — | — |
CVSS provenance
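| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |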
No detection rules found.
Exploit-DB
mooSocial 3.1.8 - Reflected XSS
exploitdb·2023-08-08·CVSS 3.5
CVE-2023-4173 [LOW] mooSocial 3.1.8 - Reflected XSS
---
# Exploit Title: mooSocial 3.1.8 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 28/07/2023
# Vendor: mooSocial
# Vendor Homepage: https://moosocial.com/
# Software Link: https://travel.moosocial.com/
# Version: 3.1.8
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-4173
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
The attacker can send the victim a link containing a malicious URL in an email or instant message and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
The URL path folder is vulnerable to XSS:
https://website/classifieds[XSS]/search?categ
Nuclei
mooSocial 3.1.8 - Reflected XSS
nuclei·CVSS 6.1
CVE-2023-4173 [MEDIUM] mooSocial 3.1.8 - Reflected XSS
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.
Template:
```yaml
id: CVE-2023-4173

info:
  name: mooSocial 3.1.8 - Reflected XSS
  author: momika233
  severity: medium
  description: |
    A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest patch or upgrade to a newer version of mooSocial to mitigate this vu
```
No writeups or analysis indexed.
Published: 2023-08-06