OSVDB ID: 95847

Title: mojoPortal /Forums/EditPost.aspx txtSubject Parameter XSS

Dates

Disclosure: Jul 29, 2013
Discovery: Unknown
Exploit: Jul 30, 2013
Solution: Jul 29, 2013

Description

mojoPortal contains a flaw that allows a persistent cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'txtSubject' parameter upon submission to the /Forums/EditPost.aspx script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Third-party Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. Upgrade to version 2.3.9.8, or higher, to address this vulnerability.

Products

Vendor: Source Tree Solutions, LLC
Product: mojoPortal
Version: 2.3.9.7

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/95847