CVE Catalog

CVE-2023-3848

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
3.68%

88th percentile — higher than 88% of all known CVEs

Summary

A vulnerability has been identified in mooSocial mooDating version 1.2 that leads to cross site scripting (XSS) attacks through manipulation of the /users/view file in the URL Handler component. The attack can be initiated remotely.

Risk Assessment

This vulnerability may allow attackers to inject malicious JavaScript code, potentially leading to user data theft or session hijacking. Organizations should be aware of the risks associated with this vulnerability.

Recommendation

It is recommended to update to the latest version of mooSocial mooDating and implement appropriate security measures to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS