PT-2018-18076 · Mojoportal · Mojoportal

P3Core0Ath


Published 2018-02-24 · Updated 2024-08-05

CVE-2018-7447

CVSS v3.1 4.8 Medium
Vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: mojoPortal versions prior to 2.6.0.0
Description: The software fails to sanitize user-supplied input, leading to multiple persistent (stored) cross-site scripting vulnerabilities; specifically, the Title and Subtitle fields of the 'Blog' page are affected. The maintainer disputes that this is a vulnerability, on the grounds that these fields are accessible only to administrators, who are expected to be able to add scripts. The CVSS vector reflects that position: the attacker already needs a high-privilege account (PR:H), a victim has to view the affected blog page (UI:R), and the stored payload then runs in that visitor's browser rather than in the application itself (S:C).
Recommendations: Versions from 2.6.0.0 onward fall outside the affected range listed above; beyond that, this entry has no information about a release that addresses the issue. Because the Title and Subtitle fields are already limited to administrators, "restricting access" in practice means keeping the set of accounts that can edit the 'Blog' page as small as possible, treating every such account as fully trusted (a script stored in either field executes in the browser of every user who views the page), and reviewing who holds that role. Where these fields are not meant to carry markup, HTML-encoding them at the point of output removes the issue regardless of who stored the value.
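As an added example (not mojoPortal's code and not taken from this entry), the pattern behind the finding and its fix, written in JavaScript: a blog header rendered by interpolating the stored Title and Subtitle values as-is, beside the same rendering with HTML encoding at the point of output, plus a tag-aware check a tester can run over the rendered markup. The function names, the htmlEncode helper and the sample post are assumptions for illustration.

```javascript
// Added example, not mojoPortal code: stored Title/Subtitle values rendered
// with and without output encoding. Function names and the sample post are
// illustrative assumptions.

// Minimal HTML entity encoder, adequate for text between tags and inside
// double-quoted attribute values (not for JavaScript or URL contexts).
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the stored fields are interpolated into markup as-is,
// so whatever an author typed into Title or Subtitle becomes live HTML.
function renderBlogHeaderVulnerable(post) {
  return `<h1>${post.title}</h1><h2>${post.subtitle}</h2>`;
}

// Hardened pattern: encode at the point of output, regardless of who stored it.
function renderBlogHeaderSafe(post) {
  return `<h1>${htmlEncode(post.title)}</h1><h2>${htmlEncode(post.subtitle)}</h2>`;
}

// Tag-aware check over rendered markup: flags a <script> element or any
// on*= event-handler attribute inside a real tag. Encoded text such as
// "&lt;img onerror=...&gt;" contains no tag and is not flagged. This only
// confirms whether encoding happened; real verification is done in a browser.
function containsActiveContent(html) {
  const tagRe = /<\/?([a-z][\w-]*)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, name, attrs] = m;
    if (name.toLowerCase() === 'script') return true;
    if (/\son\w+\s*=/i.test(attrs)) return true;
  }
  return false;
}

// Constructed sample: what a privileged author might submit in the two fields.
const SAMPLE_POST = {
  title: 'Release notes <script>alert(document.domain)</script>',
  subtitle: 'Q1 <img src=x onerror=alert(1)>',
};

// Renders the sample both ways and reports whether each output carries
// active content: true for the vulnerable rendering, false for the safe one.
function demo(post = SAMPLE_POST) {
  const vulnerable = renderBlogHeaderVulnerable(post);
  const safe = renderBlogHeaderSafe(post);
  return {
    vulnerable,
    safe,
    vulnerableIsActive: containsActiveContent(vulnerable), // true
    safeIsActive: containsActiveContent(safe),             // false
  };
}

console.log(demo());
```

The encoder is deliberately context-specific: it is the right transform for element text and quoted attribute values, which is where a Title or Subtitle normally lands, and it would be the wrong one for a value written into a script block or a URL. If the product design really requires administrators to place markup in these fields, the alternative is an allow-list HTML sanitizer rather than no encoding at all.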

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-7447

Affected Products

Mojoportal