CVE-2018-7447

NONE EPSS 49.8%
Published Feb 24, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Feb 24, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts

Threat Intelligence

EPSS Exploit Probability
49.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
mojoportalmojoportal* ≤2.6.0.0

References 2

  • securityfocus.com http://www.securityfocus.com/bid/103263
    Third Party AdvisoryVDB Entry
  • github.com https://github.com/i7MEDIA/mojoportal/issues/82
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/i7MEDIA/mojoportal/issues/82
    PatchThird Party Advisory