cpe:/a:mojoportal:mojoportal:2.5.0.0 CVE-2017-1000457 2018-01-02T13:29:00.293-05:00 2018-01-17T12:39:20.963-05:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2018-01-11T15:07:05.047-05:00 MISC https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d MISC https://www.mojoportal.com/mojoportal-2-6 Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role.