CVE-2023-43326

Name of the Vulnerable Software and Affected Versions mooSocial version 3.1.8

Description A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of the software, allowing attackers to steal user's session cookies and impersonate their account via a crafted URL. The vulnerability is also present in the change email function.

Recommendations For mooSocial version 3.1.8, consider disabling the change email function until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using crafted URLs that may trigger the XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.