mooSocial is a multi-platform, mobile-ready, user-friendly script from mooSocial, Inc. for building community-driven content sharing and social networking sites. A cross-site scripting vulnerability exists in mooSocial version 3.1.8, which stems from the application’s lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to gain access to sensitive information via parameter q of the Search function.