CVE-2023-3847

LOW NUCLEI

mooSocial mooDating 1.2 - Cross-Site Scripting in URL Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-3847. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates multiple reflected XSS vulnerabilities in mooDating 1.2 by providing crafted URLs with malicious payloads. The payloads inject JavaScript via URL parameters, triggering alert popups when rendered.

Description

A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/51628

View Code ZIP pw:eip

The exploit demonstrates multiple reflected XSS vulnerabilities in mooDating 1.2 by providing crafted URLs with malicious payloads. The payloads inject JavaScript via URL parameters, triggering alert popups when rendered.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: mooDating 1.2

No auth needed

Prerequisites: Victim interaction (clicking a malicious link)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

MooDating 1.2 - Cross-Site scripting

MEDIUMVERIFIEDby r3Y3r53

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.235198

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.235198

Exploit, Third Party Advisory, VDB Entry related

http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html

Scores

CVSS v3 3.5

EPSS 0.0365

EPSS Percentile 88.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

moosocial/moodating 1.2

Published Jul 23, 2023

Tracked Since Feb 18, 2026