CVE Catalog

CVE-2023-4173

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
3.34%

87th percentile — higher than 87% of all known CVEs

Summary

A vulnerability was found in mooSocial mooStore version 3.1.6 that allows cross site scripting (XSS) attacks through manipulation of the argument q in the /search/index file.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update mooSocial mooStore to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS