VYPR

mojoPortal

by MojoPortal

CVEs (5)

  • CVE-2018-7447MedFeb 24, 2018
    risk 0.31cvss 4.8epss 0.01

    mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability…

  • CVE-2010-3603Sep 24, 2010
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing…

  • CVE-2010-3602Sep 24, 2010
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2017-1000457MedJan 2, 2018
    risk 0.00cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the…

  • CVE-2013-5320Aug 20, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter.