CVE-2022-31298

MEDIUM

Haraj 3.7 - Stored Cross-Site Scripting in Ads Comment Section

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31298. PoCs published by bigzooooz.

AI-analyzed exploit summary This repository contains a writeup for CVE-2022-31298, an authenticated stored XSS vulnerability in Haraj Script 3.7. The exploit involves injecting a JavaScript payload into the ads comment section.

Description

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Exploits (1)

nomisec WRITEUP 1 stars

by bigzooooz · poc

https://github.com/bigzooooz/CVE-2022-31298

View Code ZIP pw:eip

This repository contains a writeup for CVE-2022-31298, an authenticated stored XSS vulnerability in Haraj Script 3.7. The exploit involves injecting a JavaScript payload into the ads comment section.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Haraj Script 3.7

Auth required

Prerequisites: Authenticated access to the Haraj Script application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product, Vendor Advisory x_refsource_misc

https://angtech.org/product/view/3

Vendor Advisory x_refsource_misc

https://angtech.org

Third Party Advisory x_refsource_misc

https://github.com/bigzooooz/CVE-2022-31298

Scores

CVSS v3 5.4

EPSS 0.0112

EPSS Percentile 62.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

angtech/haraj 3.7

Published Jun 16, 2022

Tracked Since Feb 18, 2026