CVE-2023-40869

MEDIUM

mooSocial 3.1.6-3.1.7 - Cross-Site Scripting via edit_menu, copuon, and group_categorias Functions


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-40869. PoCs published by MinoTauro2020.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2023-40869, demonstrating a stored XSS vulnerability in mooSocial Software versions 3.1.6 and 3.1.7. The exploit leverages CSRF to inject malicious JavaScript payloads into the application's database via crafted form submissions.

Description

Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.

Exploits (1)

nomisec · WORKING POC · 1 star
by MinoTauro2020 · poc
https://github.com/MinoTauro2020/CVE-2023-40869

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: mooSocial Software v3.1.6 and 3.1.7
Auth required
Prerequisites: Victim must be authenticated as an admin · Victim must open the malicious HTML file
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/MinoTauro2020/CVE-2023-40869

Scores

CVSS v3: 6.1
EPSS: 0.0101
EPSS Percentile: 58.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2):
moosocial/moosocial 3.1.6
moosocial/moosocial 3.1.7
Published: Sep 14, 2023
Tracked Since: Feb 18, 2026