cbcvebase.
CVE-2023-4174
published 2023-08-06

CVE-2023-4174: A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The…

PriorityP341medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
5.27%
91.5th percentile
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.

Affected

1 ranges
VendorProductVersion rangeFixed in
moosocialmoostore

Detection & IOCsextracted from sources · hover to see the quote

url/search/index?q=[XSS]
url/stores[XSS]/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent
url/user_info[XSS]/index/friends
url/user_info/index[XSS]/friends
url/faqs[XSS]/index?content_search=
url/faqs/index[XSS]?content_search=
otherhttp.favicon.hash:"702863115"
othericon_hash="702863115"
bytes
j8chn">ridxm
yara
id: CVE-2023-4174
info:
  name: mooSocial 3.1.6 - Reflected Cross Site Scripting
  author: momika233
  severity: medium
http:
- method: GET
  path:
  - '{{BaseURL}}/search/index?q=">ridxm'
  - '{{BaseURL}}/stores">ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
  - '{{BaseURL}}/user_info">ridxm/index/friends'
  - '{{BaseURL}}/faqs">ridxm/index?content_search=">ridxm'
  - '{{BaseURL}}/classifieds">ridxm/search?category=1'
  matchers:
  - type: word
    part: body
    words:
    - "ridxm"
    - "mooSocial"
    condition: and
  - type: word
    part: header
    words:
    - "text/html"
  • Reflected XSS via GET parameter 'q' in /search/index endpoint; look for unencoded angle brackets/quotes in the 'q' parameter in HTTP requests.
  • Reflected XSS injected directly into URL path segments (not query string) for /stores, /user_info, /faqs, and /classifieds routes; monitor for special characters such as "> in URL path components.
  • Nuclei template detection: match response body containing both 'ridxm' and 'mooSocial' strings with Content-Type text/html header to confirm exploitation.
  • Identify mooSocial mooStore instances via Shodan favicon hash 702863115 or FOFA icon_hash query for attack surface enumeration.
  • The /classifieds[XSS]/search?category=1 path is also a vulnerable injection point, covered in the Nuclei template but not listed in the Exploit-DB PoC paths.
  • ·The Nuclei template uses stop-at-first-match, meaning only the first vulnerable endpoint will be confirmed per scan run; all five paths should be tested individually for full coverage.
  • ·The XSS probe string 'ridxm' is a canary token specific to this PoC/template; defenders should not rely solely on this string for detection as attackers will use different payloads in the wild.

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.