CVE-2023-3849

EIP tracks 1 public exploit for CVE-2023-3849. PoCs published by CraCkEr. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates reflected XSS vulnerabilities in mooDating 1.2 by injecting malicious payloads into URL parameters across multiple endpoints. The payloads trigger JavaScript execution via crafted URLs, potentially leading to session hijacking or credential theft.

A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.