CVE-2023-45542

MEDIUM NUCLEI

mooSocial 3.1.8 - Cross-Site Scripting via Search q Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45542. PoCs published by ahrixia. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2023-45542, demonstrating a reflected XSS vulnerability in mooSocial v3.1.8 via the 'q' parameter in the search function. The PoC includes a crafted payload and a sample HTTP GET request to trigger the XSS.

Description

Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.

Exploits (1)

nomisec WORKING POC

by ahrixia · poc

https://github.com/ahrixia/CVE-2023-45542

View Code ZIP pw:eip

This repository contains a functional proof-of-concept for CVE-2023-45542, demonstrating a reflected XSS vulnerability in mooSocial v3.1.8 via the 'q' parameter in the search function. The PoC includes a crafted payload and a sample HTTP GET request to trigger the XSS.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: mooSocial v3.1.8

No auth needed

Prerequisites: Access to the vulnerable mooSocial instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

MooSocial 3.1.8 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

Shodan: http.favicon.hash:"702863115"

FOFA: icon_hash="702863115"

References (1)

Core 1

Core References

Exploit

https://github.com/ahrixia/CVE-2023-45542

Scores

CVSS v3 6.1

EPSS 0.0162

EPSS Percentile 73.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

moosocial/moosocial 3.1.8

Published Oct 16, 2023

Tracked Since Feb 18, 2026