CVE-2023-4173
LowCVSS 3.5Exploitation Probability (EPSS)
High risk87th percentile — higher than 87% of all known CVEs
Summary
A vulnerability was found in mooSocial mooStore version 3.1.6 that allows cross site scripting (XSS) attacks through manipulation of the argument q in the /search/index file.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update mooSocial mooStore to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.

