Filtered by vendor Mojoportal
Total: 9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | |||||
CVE-2023-24323 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 8.8 HIGH |
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. | |||||
CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 5.4 MEDIUM |
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | |||||
CVE-2023-24689 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 4.3 MEDIUM |
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all CSS files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx. | |||||
CVE-2023-24688 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 5.3 MEDIUM |
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. | |||||
CVE-2022-40341 | 1 Mojoportal | 1 Mojoportal | 2022-10-05 | N/A | 8.8 HIGH |
mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | |||||
CVE-2022-40123 | 1 Mojoportal | 1 Mojoportal | 2022-10-05 | N/A | 6.5 MEDIUM |
mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. | |||||
CVE-2018-7447 | 1 Mojoportal | 1 Mojoportal | 2019-04-30 | 3.5 LOW | 4.8 MEDIUM |
** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts. | |||||
CVE-2017-1000457 | 1 Mojoportal | 1 Mojoportal | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | |||||