Back to search
CVE-2018-7447
Published: Feb 24, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
103263
vdb-entry
x_refsource_BID
https://github.com/i7MEDIA/mojoportal/issues/82
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now