Preethi Koroth

#50059 of 53,638
4.8 total CVSS
Vulnerabilities · 1
PT-2018-18076
4.8
2018-02-24
Mojoportal · Mojoportal · CVE-2018-7447
**Name of the Vulnerable Software and Affected Versions**

mojoPortal versions prior to 2.6.0.0

**Description**

The issue arises from the software's failure to sanitize user-supplied input, leading to multiple persistent cross-site scripting vulnerabilities. Specifically, the `Title` and `Subtitle` fields of the 'Blog' page are vulnerable. It's worth noting that the software maintainer disputes this as a vulnerability, citing that the fields in question are only accessible to administrators who are supposed to have access to add scripts.

**Recommendations**

For versions prior to 2.6.0.0, as a temporary workaround, consider restricting access to the `Title` and `Subtitle` fields of the 'Blog' page to minimize the risk of exploitation. Additionally, ensure that only trusted administrators have access to these fields, as they are intended for users who should have the capability to add scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.