CVE-2018-7447
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts
** EN DISPUTA ** mojoPortal, hasta la versión 2.6.0.0 es propenso a múltiples vulnerabilidades de Cross-Site Scripting (XSS) debido a que fracasa a la hora de sanear entradas proporcionadas por el usuario. Los campos "Title" y "Subtitle" de la página "Blog" son vulnerables. NOTA: el mantenedor de software discute esta vulnerabilidad debido a que los campos que se indican como vulnerables a Cross-Site Scripting (XSS) están disponibles solamente a los administradores que deberían tener acceso para añadir scripts
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2018-02-23 CVE Reserved
- 2018-02-24 CVE Published
- 2024-01-03 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103263 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/i7MEDIA/mojoportal/issues/82 | 2024-06-18 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mojoportal Search vendor "Mojoportal" | Mojoportal Search vendor "Mojoportal" for product "Mojoportal" | <= 2.6.0.0 Search vendor "Mojoportal" for product "Mojoportal" and version " <= 2.6.0.0" | - |
Affected
|