CVE-2023-4174

mooSocial mooStore cross site scripting

CVSS 3.5 LOWEPSS 5.3%CWE-79

Vexday Risk Score

43Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 3.5EPSS 5.3%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

06 Aug 2023Published on NVD

08 Aug 2023Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Affected products

mooSocial · mooStore

public PoCs found — 3

githubgithub.com/d0rb/CVE-2023-4174★ 0 cve_referencepacketstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.htmlunverified exploitdbwww.exploit-db.com/exploits/51671unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html https://vuldb.com/?ctiid.236209 https://vuldb.com/?id.236209