CVE-2023-3848
Published: 23 July 2023
Summary
CVE-2023-3848 is a low-severity Cross-site Scripting (CWE-79) vulnerability in Moosocial Moodating. Its CVSS base score is 3.5 (Low).
Operationally, ranked in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability classified as problematic has been identified in mooSocial mooDating version 1.2. The issue resides in the URL Handler component, specifically within the /users/view file, where improper handling of input enables cross-site scripting. The flaw is tracked as CVE-2023-3848 and carries a CVSS v3.1 base score of 3.5, corresponding to CWE-79.
An authenticated remote attacker can supply crafted input to the affected endpoint and trigger script execution in the context of another user's browser session, resulting in limited impact to data integrity. Exploitation requires user interaction and does not affect confidentiality or availability.
Public references include a Packet Storm disclosure containing a proof-of-concept and multiple VulDB entries; no vendor patch or official mitigation guidance is referenced, consistent with the unsuccessful early contact attempt noted in the advisory. The associated EPSS score has remained low, with a current value of 0.0756 and a peak of 0.0981.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-44476
Vulnerability details
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be…
more
initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Validates web inputs to reject script-related content that could produce XSS.
Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.