Lucene search

[email protected]NVD:CVE-2023-43325

HistorySep 26, 2023 - 12:15 a.m.

CVE-2023-43325

2023-09-2600:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-43325

reflected cross-site scripting

data parameter

steal user's session cookies

impersonate account

crafted url

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.304

Percentile

97.0%

JSON

A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user’s session cookies and impersonate their account via a crafted URL.

Affected configurations

Nvd

Node

moosocialmoosocialMatch3.1.8

VendorProductVersionCPE
moosocialmoosocial3.1.8cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moosocial	moosocial	3.1.8	cpe:2.3:a:moosocial:moosocial:3.1.8:::::::*

References

github.com/ahrixia/CVE-2023-43325

moosocial.com/

travel.moosocial.com/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.304

Percentile

97.0%

JSON

Related for NVD:CVE-2023-43325

cve1 prion1 vulnrichment1 zdt1 cvelist1 nuclei1 exploitdb1