OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
MojoPortal XSS

vulnsdionach.com
Date: Tue Jul 30 2013 - 07:08:10 CDT


Class Stored Cross-Site Scripting
Remote Yes
Credit Michael Savage of Dionach (vulnsdionach.com)
Vulnerable MojoPortal 2.3.9.7

MojoPortal is prone to a stored cross-site scripting vulnerability because it
does not escape the titles of forum threads when inserting into the page title
element.

An attacker may leverage this issue to run JavaScript in the context of another
user's browser.

MojoPortal 2.3.9.7 is known to be vulnerable. Other versions may also be
vulnerable.

To exploit this issue, an attacker must create a crafted post, for example:

POST /Forums/EditPost.aspx [txtSubject=+</title><script>alert("XSS!")</script>]

The vendor has released an updated version (2.3.9.8) which is believed to
resolve this issue. See the announcement at
https://www.mojoportal.com/mojoportal-2398-released