CVE-2023-44812

Name of the Vulnerable Software and Affected Versions mooSocial version 3.1.8

Description The issue allows a remote attacker to execute arbitrary code via a crafted payload to the admin redirect url parameter of the user login function. This is a Cross Site Scripting (XSS) issue.

Recommendations For mooSocial version 3.1.8, consider restricting access to the admin redirect url parameter in the user login function until a patch is available. As a temporary workaround, avoid using the admin redirect url parameter in the affected login functionality to minimize the risk of exploitation.