Vulnerabilities
Vulnerable Software
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.
CVSS Score: 6.5 | EPSS Score: 0.077 | Published: 2025-04-21
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.
CVSS Score: 9.8 | EPSS Score: 0.177 | Published: 2023-10-02
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
CVSS Score: 6.1 | EPSS Score: 0.152 | Published: 2023-10-02
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVSS Score: 9.8 | EPSS Score: 0.128 | Published: 2023-10-02
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.
CVSS Score: 9.8 | EPSS Score: 0.094 | Published: 2023-10-02
An issue in mojoPortal v2.7.0.0 and below allows an authenticated attacker to list all CSS files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2023-02-09
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.
CVSS Score: 6.1 | EPSS Score: 0.191 | Published: 2023-02-09
mojoPortal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2023-02-09
mojoPortal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2023-02-09
An issue in mojoPortal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
CVSS Score: 5.3 | EPSS Score: 0.009 | Published: 2023-02-09

