CVE-2022-31299

MEDIUM NUCLEI

Haraj 3.7 - Reflected Cross-Site Scripting in User Upgrade Form

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31299. PoCs published by bigzooooz. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a proof-of-concept for a reflected XSS vulnerability in Haraj Script 3.7. The exploit leverages a crafted URL to inject malicious JavaScript code, which executes in the context of the victim's browser.

Description

Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.

Exploits (1)

nomisec WORKING POC 1 stars

by bigzooooz · poc

https://github.com/bigzooooz/CVE-2022-31299

View Code ZIP pw:eip

This repository contains a proof-of-concept for a reflected XSS vulnerability in Haraj Script 3.7. The exploit leverages a crafted URL to inject malicious JavaScript code, which executes in the context of the victim's browser.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Haraj Script 3.7

No auth needed

Prerequisites: Access to the target application · Victim interaction to click the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Haraj 3.7 - Cross-Site Scripting

MEDIUMVERIFIEDby edoardottt

References (3)

Core 3

Core References

Broken Link x_refsource_misc

https://angtech.org/product/view/3

Broken Link x_refsource_misc

https://angtech.org

Exploit, Third Party Advisory x_refsource_misc

https://github.com/bigzooooz/CVE-2022-31299

Scores

CVSS v3 6.1

EPSS 0.0473

EPSS Percentile 90.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

angtech/haraj 3.7

Published Jun 16, 2022

Tracked Since Feb 18, 2026