CVE-2023-44813

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions mooSocial version 3.1.8

Description The issue allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. This is a Cross Site Scripting (XSS) issue.

Recommendations For mooSocial version 3.1.8, consider disabling the invite friend login function until a patch is available to prevent exploitation. Restrict access to the mode parameter to minimize the risk of arbitrary code execution.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-44813

Affected Products

Moosocial

CVE-2023-44813

Weakness Enumeration

Related Identifiers

Affected Products

References · 4