CVE-2018-7447
NONE EPSS 49.8%
Published Feb 24, 20188y ago · Modified Jun 17, 20262w ago
Published Feb 24, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts
Threat Intelligence
EPSS Exploit Probability
49.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| mojoportal | mojoportal | * | ≤2.6.0.0 |
References 2
- securityfocus.com http://www.securityfocus.com/bid/103263
- github.com https://github.com/i7MEDIA/mojoportal/issues/82
Remediation
- github.com https://github.com/i7MEDIA/mojoportal/issues/82