CVE-2018-7447

CVE-2018-7447

mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The ‘Title’ and ‘Subtitle’ fields of the ‘Blog’ page are vulnerable.

Source: CVE-2018-7447