moosocial
by Moosocial
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44811 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2023 | Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. | ||
| CVE-2023-43323 | Med | 0.42 | 6.5 | 0.02 | Sep 28, 2023 | mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | ||
| CVE-2023-45542 | Med | 0.40 | 6.1 | 0.02 | Oct 16, 2023 | Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function. | ||
| CVE-2023-44813 | Med | 0.40 | 6.1 | 0.02 | Oct 9, 2023 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | ||
| CVE-2023-44812 | Med | 0.40 | 6.1 | 0.02 | Oct 9, 2023 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | ||
| CVE-2023-43325 | Med | 0.40 | 6.1 | 0.02 | Sep 26, 2023 | A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | ||
| CVE-2023-43326 | Med | 0.40 | 6.1 | 0.02 | Sep 25, 2023 | A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | ||
| CVE-2023-40869 | Med | 0.40 | 6.1 | 0.01 | Sep 14, 2023 | Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions. |
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.
- risk 0.42cvss 6.5epss 0.02
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].
- risk 0.40cvss 6.1epss 0.02
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.
- risk 0.40cvss 6.1epss 0.02
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.
- risk 0.40cvss 6.1epss 0.02
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.
- risk 0.40cvss 6.1epss 0.02
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
- risk 0.40cvss 6.1epss 0.02
A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.