CVE-2017-1000457

Name of the Vulnerable Software and Affected Versions mojoPortal version 2.5.0.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter in Help.aspx. The exploitation of this issue requires authenticated reflected cross-site scripting and is limited to user accounts assigned either the "Administrators" or "Content Administrators" role.

Recommendations For mojoPortal version 2.5.0.0, consider restricting access to the Help.aspx page until a fix is available, and limit the roles that can access this page to those absolutely necessary. As a temporary workaround, avoid using the helpkey parameter in the affected API endpoint until the issue is resolved.