CVE-2022-31300

MEDIUM

Haraj 3.7 - Cross-Site Scripting in DM Section via POST Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31300. PoCs published by bigzooooz.

AI-analyzed exploit summary This repository contains a writeup for CVE-2022-31300, an authenticated stored XSS vulnerability in Haraj Script 3.7. The exploit involves manipulating DM messages with a JavaScript payload via Burp Suite or DevTools.

Description

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Exploits (1)

nomisec WRITEUP 1 stars

by bigzooooz · poc

https://github.com/bigzooooz/CVE-2022-31300

View Code ZIP pw:eip

This repository contains a writeup for CVE-2022-31300, an authenticated stored XSS vulnerability in Haraj Script 3.7. The exploit involves manipulating DM messages with a JavaScript payload via Burp Suite or DevTools.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Haraj Script 3.7

Auth required

Prerequisites: Authenticated access to the Haraj Script DM section

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product, Vendor Advisory x_refsource_misc

https://angtech.org/product/view/3

Vendor Advisory x_refsource_misc

https://angtech.org

Third Party Advisory x_refsource_misc

https://github.com/bigzooooz/CVE-2022-31300

Scores

CVSS v3 5.4

EPSS 0.0112

EPSS Percentile 62.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

angtech/haraj 3.7

Published Jun 16, 2022

Tracked Since Feb 18, 2026