Lucene search
CVE-2023-24689
An authenticated attacker can list css files in Mojoportal v2.7.0.0 or below via "s" parameter manipulatio
Show more
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | CVE-2023-24689 | 9 Feb 202320:15 | – | osv |
 | Design/Logic Flaw | 9 Feb 202320:15 | – | prion |
 | CVE-2023-24689 | 9 Feb 202300:00 | – | cvelist |
 | CVE-2023-24689 | 9 Feb 202300:00 | – | vulnrichment |
 | CVE-2023-24689 | 9 Feb 202320:15 | – | nvd |
Node
| Source | Link |
|---|---|
| mojoportal | www.mojoportal.com/ |
| github | www.github.com/blakduk/Advisories/blob/main/Mojoportal/README.md |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| s | query param | /DesignTools/ManageSkin.aspx | The 's' parameter allows authenticated attackers to enumerate all CSS files in the root directory of the web server. | CWE-22 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo09 Feb 2023 20:15Current
4.6Medium risk
Vulners AI Score4.6
CVSS34.3
EPSS0.00162
SSVC