CVE-2023-44813

MEDIUM NUCLEI

mooSocial 3.1.8 - Stored Cross-Site Scripting via Invite Friend Login Mode Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-44813. PoCs published by ahrixia. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2023-44813, demonstrating a reflected XSS vulnerability in mooSocial v3.1.8 via the 'mode' parameter in the Invite Friend function. The PoC includes a crafted payload and a sample GET request to trigger the XSS.

Description

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

Exploits (1)

nomisec WORKING POC
by ahrixia · poc
https://github.com/ahrixia/CVE-2023-44813

Classification
Working PoC: 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: mooSocial v3.1.8
No auth needed
Prerequisites: Access to the vulnerable endpoint /moosocial/friends/ajax_invite
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

mooSocial v.3.1.8 - Cross-Site Scripting
MEDIUM · VERIFIED · by ritikchaddha
Shodan: http.favicon.hash:702863115 || http.favicon.hash:"702863115"
FOFA: icon_hash="702863115"

References (1)

Core References (1)
Exploit, Third Party Advisory
https://github.com/ahrixia/CVE-2023-44813

Scores

CVSS v3 6.1
EPSS 0.0177
EPSS Percentile 75.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE: CWE-79
Status published
Products (1)
moosocial/moosocial 3.1.8
Published Oct 09, 2023
Tracked Since Feb 18, 2026