Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

naviwebs navigate cms - vulnerabilities and exploits

(subscribe to this query)
3.5
CVSSv2
CVE-2020-14014
An issue exists in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
Naviwebs Navigate Cms 2.8Naviwebs Navigate Cms 2.9
4.3
CVSSv2
CVE-2020-13798
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Naviwebs Navigate Cms
5
CVSSv2
CVE-2020-13795
An issue exists in Navigate CMS up to and including 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
Naviwebs Navigate Cms
4.3
CVSSv2
CVE-2020-13796
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
Naviwebs Navigate Cms
3.5
CVSSv2
CVE-2018-18029
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
Naviwebs Navigate Cms -
4.3
CVSSv2
CVE-2020-13797
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
Naviwebs Navigate Cms
7.5
CVSSv2
CVE-2020-23711
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
Naviwebs Navigate Cms 2.9
3.5
CVSSv2
CVE-2021-36454
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) ite...
Naviwebs Navigate Cms 2.9
6.5
CVSSv2
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
Naviwebs Navigate Cms 2.9
7.5
CVSSv2
CVE-2018-17552
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote malicious users to bypass authentication via the navigate-user cookie.
Naviwebs Navigate Cms 2.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook