CVE-2023-44012
published 2023-10-02CVE-2023-44012: Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx…
PriorityP334medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.26%
65.9th percentile
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mojoportal | mojoportal | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
mojoPortal v.2.7.0.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-44012 [MEDIUM] mojoPortal v.2.7.0.0 - Cross-Site Scripting
mojoPortal v.2.7.0.0 - Cross-Site Scripting
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
Template:
id: CVE-2023-44012
info:
name: mojoPortal v.2.7.0.0 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
impact: |
Successful exploitation could allow an attacker to execute malicious scripts in the context of the victim's browser.
remediation: |
Upgrade to a patched version of mojoPortal to mitigate the Cross Site Scripting (XSS) vulnerability.
reference:
- https://github.com/Vietsunshin
No writeups or analysis indexed.
2023-10-02
Published