3 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 1

Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter. Vulnerabilidad de XSS en Forums/EditPost.aspx en mojoPortal anterior a 2.3.9.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "txtSubject". • http://archives.neohapsis.com/archives/bugtraq/2013-07/0200.html http://osvdb.org/95847 http://packetstormsecurity.com/files/122608/MojoPortal-2.3.9.7-Cross-Site-Scripting.html http://secunia.com/advisories/54297 http://www.securityfocus.com/bid/61520 https://exchange.xforce.ibmcloud.com/vulnerabilities/86058 https://www.mojoportal.com/mojoportal-2398-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4

Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ProfileView.aspx de mojoPortal v2.3.4.3 y v2.3.5.1 permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro "User ID". NOTA: algunos de estos detalles han sido obtenidos dde información de terceras partes. • https://www.exploit-db.com/exploits/15018 http://osvdb.org/68059 http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt http://secunia.com/advisories/41481 http://www.exploit-db.com/exploits/15018 http://www.mojoportal.com/mojoportal-2352-released.aspx http://www.securityfocus.com/bid/43268 https://exchange.xforce.ibmcloud.com/vulnerabilities/61835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 4

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el servicio de gestión de ficheros (Services/FileService.ashx) de mojoPortal v2.3.4.3 y v2.3.5.1 permite a usuarios remotos secuestrar (hijack) la autenticación de administrador para peticiones que renombran ficheros de su elección, como se ha demostrado moviendo el fichero user.config, provocando una denegación de servicio (parada del servicio) y posiblemente la exposición de información confidencial. • https://www.exploit-db.com/exploits/15018 http://osvdb.org/68060 http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt http://secunia.com/advisories/41481 http://www.exploit-db.com/exploits/15018 http://www.mojoportal.com/mojoportal-2352-released.aspx https://exchange.xforce.ibmcloud.com/vulnerabilities/61834 • CWE-352: Cross-Site Request Forgery (CSRF) •