id: CVE-2023-4174 info: name: mooSocial 3.1.6 - Reflected Cross Site Scripting author: momika233 severity: medium description: | A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. remediation: | Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/51671 - https://nvd.nist.gov/vuln/detail/CVE-2023-4174 - https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html - https://vuldb.com/?ctiid.236209 - https://vuldb.com/?id.236209 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-4174 cwe-id: CWE-79 epss-score: 0.00209 epss-percentile: 0.58186 cpe: cpe:2.3:a:moosocial:moostore:3.1.6:*:*:*:*:*:*:* metadata: verified: true max-request: 5 vendor: moosocial product: moostore fofa-query: icon_hash="702863115" tags: packetstorm,cve,cve2023,moosocial,xss http: - method: GET path: - '{{BaseURL}}/search/index?q=">ridxm' - '{{BaseURL}}/stores">ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent' - '{{BaseURL}}/user_info">ridxm/index/friends' - '{{BaseURL}}/faqs">ridxm/index?content_search=">ridxm' - '{{BaseURL}}/classifieds">ridxm/search?category=1' stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "ridxm" - "mooSocial" condition: and - type: word part: header words: - "text/html"