CVE-2023-43325

Name of the Vulnerable Software and Affected Versions mooSocial version 3.1.8

Description A reflected cross-site scripting (XSS) vulnerability in the data[redirect url] parameter allows attackers to steal user's session cookies and impersonate their account via a crafted URL.

Recommendations For mooSocial version 3.1.8, avoid using the data[redirect url] parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to sensitive user data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.