Lucene search
MitreCVE-2023-43325HistorySep 26, 2023 - 12:15 a.m.
CVE-2023-43325
2023-09-2600:15:10
CWE-79
mitre
web.nvd.nist.gov
27
#xss
#vulnerability
#moosocial
#session-cookie-theft
#cve-2023-43325
#security
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.304
Percentile
97.0%
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user’s session cookies and impersonate their account via a crafted URL.
Affected configurations
Node
moosocialmoosocialMatch3.1.8
Related
nvd
nvd
CVE-2023-43325
2023-09-26 00:15:10
prion
prion
Cross site scripting
2023-09-26 00:15:00
vulnrichment
vulnrichment
CVE-2023-43325
2023-09-25 00:00:00
zdt
zdt
nuclei
nuclei
MooSocial 3.1.8 - Cross-Site Scripting
2023-11-23 11:30:47
cvelist
cvelist
CVE-2023-43325
2023-09-25 00:00:00
exploitdb
exploitdb
mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
2024-02-02 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.304
Percentile
97.0%
Related for CVE-2023-43325