6.5

CVE-2023-43323

Exploit

EPSS 80.8%
Veröffentlicht 28.09.2023 20:15:11
Zuletzt bearbeitet 21.11.2024 08:23:59
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moosocial ≫ Moosocial Version3.1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	80.8%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-15 External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

https://github.com/ahrixia/CVE-2023-43323

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-43323

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-43323

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-43323

EUVD