CVE-2023-4174

LOW NUCLEI

Moosocial Moostore - XSS

Title source: rule

Description

A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.

Exploits (3)

exploitdb WRITEUP VERIFIED

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/51671

View Code ZIP pw:eip

nomisec WORKING POC

by d0rb · poc

https://github.com/d0rb/CVE-2023-4174

View Code ZIP pw:eip

inthewild

poc

https://github.com/codeb0ss/cve-2023-4174

View on inthewild

Nuclei Templates (1)

mooSocial 3.1.6 - Reflected Cross Site Scripting

MEDIUMVERIFIEDby momika233

Shodan: http.favicon.hash:"702863115"

FOFA: icon_hash="702863115" || moosocial

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.236209

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.236209

Scores

CVSS v3 3.5

EPSS 0.5577

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

moosocial/moostore 3.1.6

Published Aug 06, 2023

Tracked Since Feb 18, 2026