Moosocial: Security Vulnerabilities
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.
CVSS Score
6.1
EPSS Score
0.385
Published
2023-10-16
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.
CVSS Score
6.1
EPSS Score
0.335
Published
2023-10-09
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.
CVSS Score
6.1
EPSS Score
0.232
Published
2023-10-09
Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.
CVSS Score
8.8
EPSS Score
0.033
Published
2023-10-09
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].
CVSS Score
6.5
EPSS Score
0.63
Published
2023-09-28
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
CVSS Score
6.1
EPSS Score
0.112
Published
2023-09-26
A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
CVSS Score
6.1
EPSS Score
0.258
Published
2023-09-25
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.
CVSS Score
8.8
EPSS Score
0.032
Published
2023-09-14
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.
CVSS Score
6.1
EPSS Score
0.056
Published
2023-09-14
A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-08-06
Page 1