Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44012 | 1 Mojoportal | 1 Mojoportal | 2024-09-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | |||||
| CVE-2023-44011 | 1 Mojoportal | 1 Mojoportal | 2024-09-23 | N/A | 9.8 CRITICAL |
| An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | |||||
| CVE-2018-7447 | 1 Mojoportal | 1 Mojoportal | 2024-08-05 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts. | |||||
| CVE-2017-1000457 | 1 Mojoportal | 1 Mojoportal | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | |||||