Mojoportal

mojoportal

Vendor: Mojoportal • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-28367 1Mojoportal 1Mojoportal Aug 22, 2025 Apr 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.
CVE-2023-44012 1Mojoportal 1Mojoportal Nov 21, 2024 Oct 2, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
CVE-2023-44011 1Mojoportal 1Mojoportal Nov 21, 2024 Oct 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.
CVE-2023-44009 1Mojoportal 1Mojoportal Nov 21, 2024 Oct 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.
CVE-2023-44008 1Mojoportal 1Mojoportal Nov 21, 2024 Oct 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVE-2023-24689 1Mojoportal 1Mojoportal Mar 24, 2025 Feb 9, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx
CVE-2023-24688 1Mojoportal 1Mojoportal Mar 24, 2025 Feb 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
CVE-2023-24687 1Mojoportal 1Mojoportal Mar 24, 2025 Feb 9, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a c...Show more Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.Show less
CVE-2023-24323 1Mojoportal 1Mojoportal Mar 24, 2025 Feb 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.
CVE-2023-24322 1Mojoportal 1Mojoportal Mar 24, 2025 Feb 9, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi pa...Show more A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.Show less
CVE-2022-40123 1Mojoportal 1Mojoportal Nov 21, 2024 Oct 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.
CVE-2022-40341 1Mojoportal 1Mojoportal May 20, 2025 Sep 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file.
CVE-2018-7447 1Mojoportal 1Mojoportal Nov 21, 2024 Feb 24, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE:...Show more mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scriptsShow less
CVE-2017-1000457 1Mojoportal 1Mojoportal Nov 21, 2024 Jan 2, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected...Show more Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role.Show less