CVE-2023-3845

LOW NUCLEI

mooSocial mooDating 1.2 - Cross-Site Scripting in URL Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-3845. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates reflected XSS vulnerabilities in mooDating 1.2 by providing multiple URLs with injected payloads. The payloads use HTML injection via URL parameters to trigger JavaScript execution.

Description

A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/51628

The exploit demonstrates reflected XSS vulnerabilities in mooDating 1.2 by providing multiple URLs with injected payloads. The payloads use HTML injection via URL parameters to trigger JavaScript execution.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: mooDating 1.2
No auth needed
Prerequisites: Victim interaction (clicking a malicious link)
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

MooDating 1.2 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.235196
Permissions Required, Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.235196

Scores

CVSS v3 3.5
EPSS 0.0365
EPSS Percentile 88.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
moosocial/moodating 1.2
Published Jul 23, 2023
Tracked Since Feb 18, 2026