CVE-2022-31301

MEDIUM

Haraj 3.7 - Stored Cross-Site Scripting in Post Ads Component


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31301. PoCs published by bigzooooz.

AI-analyzed exploit summary: This repository contains a writeup describing an authenticated stored XSS vulnerability in Haraj Script 3.7. The vulnerability allows attackers to inject malicious JavaScript payloads into input fields when creating new ads.

Description

Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component.

Exploits (1)

nomisec WRITEUP 1 star
by bigzooooz · poc
https://github.com/bigzooooz/CVE-2022-31301

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Haraj Script 3.7
Auth required
Prerequisites: Authenticated access to the Haraj Script application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Product, Vendor Advisory (x_refsource_misc): https://angtech.org/product/view/3
Vendor Advisory (x_refsource_misc): https://angtech.org
Third Party Advisory (x_refsource_misc): https://github.com/bigzooooz/CVE-2022-31301

Scores

CVSS v3 5.4
EPSS 0.0080
EPSS Percentile 51.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): angtech/haraj 3.7
Published: Jun 16, 2022
Tracked Since: Feb 18, 2026