CVE-2023-53938

MEDIUM

RockMongo 1.1.7 - Stored Cross-Site Scripting via Database, Collection, and Login Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53938. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary: This exploit demonstrates stored and reflected XSS vulnerabilities in RockMongo 1.1.7 by injecting malicious scripts into various parameters via HTTP requests. The PoC includes multiple endpoints and payloads to trigger XSS alerts.

Description

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in the database, collection, and login parameters to execute arbitrary JavaScript in a victim's browser.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · text, webapps, php
https://www.exploit-db.com/exploits/51437


Classification
Working PoC 95%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: RockMongo 1.1.7
No auth needed
Prerequisites: Access to the RockMongo web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)


Scores

CVSS v3 5.4
EPSS 0.0020
EPSS Percentile 10.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
iwind/RockMongo 1.1.7
rockmongo/rockmongo 1.1.7
Published Dec 18, 2025
Tracked Since Feb 18, 2026