CVE-2023-24322

Name of the Vulnerable Software and Affected Versions mojoPortal version 2.7.0.0

Description A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For mojoPortal version 2.7.0.0, as a temporary workaround, consider disabling the FileDialog.aspx component until a patch is available. Restrict access to the ed and tbi parameters in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.