BDSA-2023-2681 |
|
High |
Oct 06, 2023 |
mojoPortal contains an unrestricted file upload vulnerability due to a lack of validation of uploaded files. An attacker could exploit this issue by uploading a maliciously crafted file to the application, which could potentially result in the remote execution of arbitrary code.
|
|
BDSA-2023-2680 |
|
High |
Oct 06, 2023 |
mojoPortal contains an unrestricted file upload vulnerability due to a lack of validation of uploaded files. An attacker could exploit this issue by uploading a maliciously crafted file to the application, which could potentially result in the remote execution of arbitrary code.
|
|
BDSA-2023-2674 |
|
Medium |
Oct 06, 2023 |
mojoPortal contains a stored cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied script. An attacker could exploit this issue by injecting malicious ASP code into the `layout.master` file. When a user accesses an endpoint for using a skin, the malicious code would execute and could lead to the loss of a victim's sensitive information such as session tokens and cookies.
|
|
BDSA-2023-2669 |
|
Medium |
Oct 06, 2023 |
mojoPortal contains a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied scripting. An attacker could exploit this issue by passing a maliciously crafted URL to a victim, which would execute a payload when opened and could lead to the loss of a victim's sensitive information, such as session tokens and cookies.
**Note:** This vulnerability is a bypass of **CVE-2017-1000457**, which is represented by **BDSA-2017-3560**.
|
|
BDSA-2022-2857 |
|
Medium |
Oct 10, 2022 |
mojoPortal is vulnerable to information exposure due to insufficient validation of user-supplied input to the `f` parameter of the `CssEditor.aspx` page in the Design Tools component. This could allow an authenticated attacker to read arbitrary files on a target system.
|
|